Description
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Smooth Gallery 'galleryID' Parameter SQL Injection (1.2)
MySQL CVE-2019-2774 Vulnerability (CVE-2019-2774)
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)
Oracle Application Server CVE-2008-2593 Vulnerability (CVE-2008-2593)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2017-11143)