Description
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
Remediation
References
http://secunia.com/advisories/56940
https://exchange.xforce.ibmcloud.com/vulnerabilities/91181
https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements
Related Vulnerabilities
CVE-2021-3424 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2020-4076 Vulnerability in npm package electron
CVE-2022-21671 Vulnerability in npm package @replit/crosis
CVE-2010-1870 Vulnerability in maven package com.opensymphony:xwork-core
CVE-2020-1695 Vulnerability in maven package org.jboss.resteasy:resteasy-core