Description
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
Remediation
References
https://github.com/pippo-java/pippo/issues/486
Related Vulnerabilities
CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership
CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-worker
CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server