WhisperX tag archive

#CVE-2026-24400

This page collects WhisperX intelligence signals tagged #CVE-2026-24400. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-04-14 02:22:23 · GitHub Issues

1. High-Severity XXE Vulnerability Disclosed in AssertJ Core 3.24.2; Parsing Untrusted XML Poses a Security Risk

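A high-severity security vulnerability has been found in a key component of the Java testing library AssertJ Core. The vulnerability is in the `org.assertj.core.util.xml.XmlStringPrettyFormatter` class, whose `toXmlDocument(String)` method initializes `DocumentBuilderFactory` with its default configuration and fails to disable DTDs or external entity resolution. As a result, an application that uses the `isXmlEqualTo(CharSequence)` assertion to process untrusted XML input may be exposed to XML external entity attacks. Specifically, the vulnerability (identified as GHSA-rqfh-9r24-8c9r, alias CVE-2026-24400) is classified as C...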

The Lab · 2026-04-21 19:23:06 · GitHub Issues

2. AssertJ Core 3.27.7 Patches Critical XXE Vulnerability in XML Comparison Feature

A critical security vulnerability in the popular Java testing library AssertJ has been patched, forcing a mandatory update for millions of projects. The flaw, tracked as CVE-2026-24400, is an XML External Entity (XXE) vulnerability that resides within the library's `isXmlEqualTo` assertion. This function, used to compa...