Description
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.
Remediation
References
http://0dd.zone/2018/04/23/UMLet-XXE/
https://github.com/umlet/umlet/issues/500
Related Vulnerabilities
CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2022-25296 Vulnerability in npm package bodymen
CVE-2022-34114 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2021-42767 Vulnerability in maven package org.neo4j.procedure:apoc
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.convertors