Vulnerability	Vulnerable Version
M XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the `toXmlDocument` function of `XmlStringPrettyFormatter`. An attacker can read arbitrary local files, perform server-side request forgery, or cause denial of service by providing crafted XML input containing external entities. Note: This formatter is used by `isXmlEqualTo(CharSequence)` and `xmlPrettyFormat(String)` and could be exploited if untrusted XML input is processed by the methods. How to fix XML External Entity (XXE) Injection? Upgrade `org.assertj:assertj-core` to version 3.27.7 or higher.	[1.4.0,3.27.7)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the toXmlDocument function of XmlStringPrettyFormatter. An attacker can read arbitrary local files, perform server-side request forgery, or cause denial of service by providing crafted XML input containing external entities.

Note: This formatter is used by isXmlEqualTo(CharSequence) and xmlPrettyFormat(String) and could be exploited if untrusted XML input is processed by the methods.

How to fix XML External Entity (XXE) Injection?

Upgrade org.assertj:assertj-core to version 3.27.7 or higher.

[1.4.0,3.27.7)

Go back to all versions of this package