Description
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.
Remediation
References
https://www.kb.cert.org/vuls/id/779243
https://www.securityfocus.com/bid/94864/
Related Vulnerabilities
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2014-3743 Vulnerability in npm package marked
CVE-2018-11797 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-dao
CVE-2019-10291 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan