Description
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.
Remediation
References
http://0dd.zone/2018/04/23/UMLet-XXE/
https://github.com/umlet/umlet/issues/500
Related Vulnerabilities
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-support
CVE-2021-3820 Vulnerability in npm package i
CVE-2022-36083 Vulnerability in npm package jose-node-esm-runtime
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2020-19698 Vulnerability in maven package org.webjars.bower:editor.md