Advisories for Maven/Org.picketlink/Picketlink-Fed-Core package

2014

Information Exposure

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.