Description
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Remediation
References
https://github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf
https://www.traccar.org/blog/
Related Vulnerabilities
CVE-2020-5229 Vulnerability in maven package org.opencastproject:opencast-common-jpa-impl
CVE-2021-21380 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ratings-api
CVE-2021-28860 Vulnerability in npm package mixme
CVE-2017-16129 Vulnerability in maven package org.webjars.npm:superagent
CVE-2023-23850 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity