Description

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java

Remediation

References

https://github.com/mulesoft/apikit/issues/547

Related Vulnerabilities

CVE-2020-7793 Vulnerability in maven package org.webjars.npm:ua-parser-js

CVE-2015-3337 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2022-45395 Vulnerability in maven package com.thalesgroup.jenkins-ci.plugins:cccc

CVE-2022-24197 Vulnerability in maven package com.itextpdf:itext7-core

CVE-2020-28494 Vulnerability in npm package total.js

Severity

Critical

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory