Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.
Published at: May 11, 2020 at 08:15PM
View on website
No comments:
Post a Comment