PT-2022-26190 · Dragonfly · Dragonfly

Joshuasing · Published 2022-12-27 · Updated 2023-01-06 · CVE-2022-41967

CVSS v3.1: 7.0 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Dragonfly version 0.3.0-SNAPSHOT
Description: The issue concerns Dragonfly, a Java runtime dependency management library, which does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. Because the library only parses XML when resolving SNAPSHOT versions, the issue can be avoided by not resolving SNAPSHOT versions.
Recommendations: For Dragonfly version 0.3.0-SNAPSHOT, update to version 0.3.1-SNAPSHOT to resolve the issue. As a temporary workaround, avoid resolving SNAPSHOT versions to minimize the risk of exploitation.

XXE

Weakness Enumeration

Related Identifiers

CVE-2022-41967
GHSA-6X3M-96QP-MMXV

Affected Products

Dragonfly