Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-2147

Guard against CVE-2020-10683 (dom4j reading external entities)

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.9.0
    • Component/s: None
    • Labels:
      None

      Description

      The version of dom4j that we use allows External Entities by default which might enable XXE attacks.

      Dom4j should either be updated, or configured properly.

        Attachments

          Activity

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            guus Guus der Kinderen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: