Description
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Remediation
References
https://github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf
https://www.traccar.org/blog/