CVE-2018-1285

CVE-2018-1285

Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.

Source: CVE-2018-1285