Maven/Org.jdom/Jdom | GitLab Advisory Database

XML External Entity (XXE) Injection in JDOM

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. As a workaround, to avoid external entities being expanded, one can call builder.setExpandEntities(false) and they won't be expanded.

Advisories for Maven/Org.jdom/Jdom package