Description
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
Remediation
References
https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements
http://secunia.com/advisories/56940
https://exchange.xforce.ibmcloud.com/vulnerabilities/91181
Related Vulnerabilities
CVE-2019-10417 Vulnerability in maven package io.fabric8.pipeline:kubernetes-pipeline-devops-steps
CVE-2023-47323 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2014-3574 Vulnerability in maven package org.apache.poi:poi-ooxml
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-core