Description
In Apache jUDDI 3.2 through 3.3.4, when the WADL2Java or WSDL2Java classes are used, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection against entity expansion and DTD-type attacks. The mitigation is to use 3.3.5.
Remediation
References
http://juddi.apache.org/security.html
https://issues.apache.org/jira/browse/JUDDI-987