DEBIAN-CVE-2020-10683

DEBIAN-CVE-2020-10683 PUBLISHED CVSS 9.800000190734863 CRITICAL

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	dom4j	0, 0, 0
Debian:12	dom4j	0, 0, 0
Debian:14	dom4j	0, 0, 0
Debian:11	dom4j	0, 0, 0

Timeline

May 1, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-10683 advisory

Open in Interactive Console →