Description
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
Remediation
References
https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
Related Vulnerabilities
CVE-2022-41654 Vulnerability in npm package ghost
CVE-2023-37949 Vulnerability in maven package io.jenkins.plugins:macstadium-orka
CVE-2021-43090 Vulnerability in maven package com.predic8:soa-model-core
CVE-2021-43821 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl
CVE-2023-24439 Vulnerability in maven package org.jenkins-ci.plugins:jira-steps