CVE-2021-41042
N/A
N/A
Summary
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Lyo | 1.0.0 < unspecified | affected |
| The Eclipse Foundation | Eclipse Lyo | unspecified <= 4.1.0 | affected |
Weaknesses
- CWE-611: CWE-611
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.