CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2021-41042
https://notcve.org/view.php?id=CVE-2021-41042
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
• https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/287
• CWE-611: Improper Restriction of XML External Entity Reference