CVE-2021-33813
Description
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An XXE vulnerability in SAXBuilder in JDOM through version 2.0.6 allows denial of service via crafted HTTP requests.
Vulnerability
JDOM through version 2.0.6 contains an XML External Entity (XXE) vulnerability in the SAXBuilder class. The library fails to properly enforce security features that disable external entities, regardless of the boolean value set for the http://xml.org/sax/features/external-general-entities feature. This allows an attacker to craft an XML payload that, when parsed by SAXBuilder, expands external entities and causes excessive resource consumption. The vulnerability is identified as CVE-2021-33813 [1][2].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request containing an XXE payload, such as a billion laughs attack (quadratic or exponential entity expansion), to an application that uses the vulnerable SAXBuilder for XML parsing. No authentication or special privileges are required. The attacker only needs to provide a malicious XML document that triggers entity expansion [2].
Impact
Successful exploitation leads to a denial of service (DoS) condition due to uncontrolled resource consumption (CPU and memory). The vulnerability does not lead to information disclosure or remote code execution; its primary impact is service disruption [1][2].
Mitigation
JDOM version 2.0.6.1 was released on 2021-06-22 and fixes this issue by ensuring user-specified parser features take precedence after entity expansion settings [3]. As a workaround, users can call builder.setExpandEntities(false) to disable entity expansion, which mitigates the vulnerability [2].
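A check for the workaround described above, as an added example (not code from JDOM or from the advisory). It assumes JDOM 2 on the classpath and uses a constructed document with one harmless internal entity; the class and method names are hypothetical.

```java
import java.io.StringReader;

import org.jdom2.Content;
import org.jdom2.Document;
import org.jdom2.EntityRef;
import org.jdom2.input.SAXBuilder;

/** Added example; class and method names are hypothetical, not part of JDOM. */
public class JdomEntityExpansionCheck {

    static final String EXTERNAL_GENERAL_ENTITIES =
            "http://xml.org/sax/features/external-general-entities";

    // Constructed sample: a single harmless internal entity, just enough to see
    // whether the builder expands entity references or keeps them as EntityRef.
    static final String SAMPLE =
            "<?xml version=\"1.0\"?>\n"
          + "<!DOCTYPE note [ <!ENTITY greeting \"hello\"> ]>\n"
          + "<note>&greeting;</note>";

    /** Feature flag only: the setting the advisory says affected releases do not honor. */
    static SAXBuilder featureOnly() {
        SAXBuilder builder = new SAXBuilder();
        builder.setFeature(EXTERNAL_GENERAL_ENTITIES, false);
        return builder;
    }

    /** Feature flag plus the documented workaround. */
    static SAXBuilder withWorkaround() {
        SAXBuilder builder = featureOnly();
        builder.setExpandEntities(false);
        return builder;
    }

    /** True when the parsed tree holds an unexpanded EntityRef instead of the entity text. */
    static boolean keepsEntityRefs(SAXBuilder builder) throws Exception {
        Document doc = builder.build(new StringReader(SAMPLE));
        for (Content node : doc.getRootElement().getContent()) {
            if (node instanceof EntityRef) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        boolean featureHonored = keepsEntityRefs(featureOnly());
        boolean workaroundHonored = keepsEntityRefs(withWorkaround());

        System.out.println("feature flag alone disables expansion: " + featureHonored);
        System.out.println("setExpandEntities(false) disables expansion: " + workaroundHonored);

        // Fail the build or startup if the explicit workaround does not hold.
        if (!workaroundHonored) {
            throw new IllegalStateException("entity expansion is still enabled");
        }
        // A false first result means the installed JDOM does not tie the feature flag
        // to entity expansion, so every SAXBuilder needs the explicit call (or an upgrade).
        if (!featureHonored) {
            System.out.println("action: upgrade JDOM or call setExpandEntities(false) everywhere");
        }
    }
}
```

Run it in CI against the JDOM version the application actually resolves, so a transitive downgrade of the dependency shows up as a changed first result.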
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jdom:jdom2 (Maven) | < 2.0.6.1 | 2.0.6.1 |
| org.jdom:jdom (Maven) | <= 2.0.2 | — |
Affected products
- JDOM/SAXBuilder (source: description)
Patches
dd4f3c2fc789: Addresses #189 - synchronizes external entity expansion setting
1 file changed · +6 −0
core/src/java/org/jdom2/input/SAXBuilder.java+6 −0 modified@@ -82,6 +82,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT import org.jdom2.DocType; import org.jdom2.Document; import org.jdom2.EntityRef; +import org.jdom2.JDOMConstants; import org.jdom2.JDOMException; import org.jdom2.JDOMFactory; import org.jdom2.Verifier; @@ -797,6 +798,11 @@ public void setFastReconfigure(final boolean fastReconfigure) { public void setFeature(final String name, final boolean value) { // Save the specified feature for later. features.put(name, value ? Boolean.TRUE : Boolean.FALSE); + if (JDOMConstants.SAX_FEATURE_EXTERNAL_ENT.equals(name)) { + // See issue https://github.com/hunterhacker/jdom/issues/189 + // And PR https://github.com/hunterhacker/jdom/pull/188 + setExpandEntities(value); + } engine = null; }
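Review bot: In the `setFeature` hunk, the new `setExpandEntities(value)` call gives `setFeature` a side effect that the visible lines do not document; the added comment only links issue 189 and PR 188. State in the method's Javadoc that setting `JDOMConstants.SAX_FEATURE_EXTERNAL_ENT` also changes the expand-entities setting, and say which value applies when a caller later invokes `setExpandEntities` with the opposite value, since the synchronization added here runs in one direction only. The commit touches a single file (+6 −0), so no regression test accompanies it; a test that sets the feature to false, parses a document containing an entity reference and checks that it is left unexpanded would pin the behaviour.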
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-2363-cqg2-863c (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2021-33813 (ghsa, ADVISORY)
- alephsecurity.com/vulns/aleph-2021003 (ghsa, x_refsource_MISC, WEB)
- github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361 (ghsa, WEB)
- github.com/hunterhacker/jdom/issues/189 (ghsa, WEB)
- github.com/hunterhacker/jdom/pull/188 (ghsa, x_refsource_MISC, WEB)
- github.com/hunterhacker/jdom/releases/tag/JDOM-2.0.6.1 (ghsa, WEB)
- lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd%40%3Cdev.tika.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd@%3Cdev.tika.apache.org%3E (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2021/06/msg00026.html (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.debian.org/debian-lts-announce/2021/07/msg00012.html (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG (ghsa, WEB)
- www.oracle.com/security-alerts/cpuapr2022.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpujul2022.html (ghsa, x_refsource_MISC, WEB)