CNNVD-202601-4320 Information
CNNVD ID
CNNVD-202601-4320
Related CVE
- CNNVD Published: 2026-01-26
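Description (translated from Chinese)
AssertJ is an open-source unit testing tool from AssertJ. AssertJ versions from 1.4.0 up to, but not including, 3.27.7 contain a code issue vulnerability. It stems from an XML external entity (XXE) vulnerability in XmlStringPrettyFormatter, which may lead to reading arbitrary local files, server-side request forgery, or denial-of-service attacks.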
Description (English)
AssertJ is an open-source unit testing tool. AssertJ versions 1.4.0 through those before 3.27.7 have a code issue vulnerability caused by an XML external entity (XXE) flaw in XmlStringPrettyFormatter, which could lead to arbitrary local file reads, server-side request forgery, or denial-of-service attacks.
Hazard Level
High
Vulnerability Type
Code Issue
Affected Vendor
AssertJ
Published
2026-01-26
Last Modified
2026-02-24
References
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a
https://github.com/assertj/assertj/releases/tag/assertj-build-3.27.7
https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r
Patch
https://github.com/assertj/assertj/releases