Affects Bio-Formats <= 8.4.0
Bio-Formats up to 8.4.0 contains an XML External Entity (XXE) vulnerability.
Bio-Formats up to 8.4.0 contains an XML External Entity (XXE) vulnerability. The issue is caused by an insecurely configured DocumentBuilderFactory that allows external entity resolution and external DTD loading when parsing user-supplied XML metadata.
Bio-Formats <= 8.4.0
Moderate severity.
N/A
Bio-Formats should be upgraded to at least 8.5.0.
Beatriz Fresno Naumova for notifying the OME team of this security issue via security@openmicroscopy.org.
© 2005-2026 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 4.0 International License
OME source code is available under the GNU General public license or more permissive open source licenses, or through commercial license from Glencoe Software Inc.
OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of Glencoe Software Inc., which holds these marks to protect them on behalf of the OME community.
[ Site Map ]
Version: 2026.03.18