Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.
Published at: May 11, 2020 at 01:15PM
View on website
More Stories
New vulnerability on the NVD: CVE-2020-19107
New vulnerability on the NVD: CVE-2020-19108
New vulnerability on the NVD: CVE-2020-19109