CVE-2023-45960

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

22 Nov 2023, 16:15

Type Values Removed Values Added
References (removed)
  • (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1 - Issue Tracking
  • (MISC) https://dom4j.github.io/ - Product
  • (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main - Third Party Advisory
  • (MISC) https://github.com/dom4j/dom4j/issues/171#issuecomment-1781547256 - Issue Tracking
CWE (removed) CWE-91
CPE (removed) cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*
CVSS (removed) v2 : unknown, v3 : 7.5
CVSS (added) v2 : unknown, v3 : unknown
Summary (removed) An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another."
Summary (added) Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

07 Nov 2023, 04:21

Type Values Removed Values Added
Summary (removed) ** DISPUTED ** An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another."
Summary (added) An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another."

01 Nov 2023, 17:42

Type Values Removed Values Added
CVSS (removed) v2 : unknown, v3 : unknown
CVSS (added) v2 : unknown, v3 : 7.5
CWE (added) CWE-91
CPE (added) cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*
First Time (added) Dom4j Project; Dom4j Project dom4j
References (removed) (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1 -
References (added) (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1 - Issue Tracking
References (removed) (MISC) https://dom4j.github.io/ -
References (added) (MISC) https://dom4j.github.io/ - Product
References (removed) (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main -
References (added) (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main - Third Party Advisory
References (removed) (MISC) https://github.com/dom4j/dom4j/issues/171#issuecomment-1781547256 -
References (added) (MISC) https://github.com/dom4j/dom4j/issues/171#issuecomment-1781547256 - Issue Tracking

28 Oct 2023, 21:15

Type Values Removed Values Added
Summary (removed) An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
Summary (added) ** DISPUTED ** An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another."
References (added)
  • (MISC) https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1 -
  • (MISC) https://github.com/dom4j/dom4j/issues/171#issuecomment-1781547256 -

25 Oct 2023, 18:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-25 18:17

Updated : 2024-04-16 18:27


NVD link : CVE-2023-45960

Mitre link : CVE-2023-45960

CVE.ORG link : CVE-2023-45960



Products Affected

No product.

CWE

No CWE.