VYPR
Critical severityNVD Advisory· Published May 11, 2020· Updated Aug 5, 2024

CVE-2018-1285

CVE-2018-1285

Description

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
log4netNuGet
< 2.0.102.0.10

Affected products

3

Patches

Vulnerability mechanics

References

34

News mentions

0

No linked articles in our index yet.