Description
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
Remediation
References
https://github.com/azkaban/azkaban/issues/2478
Related Vulnerabilities
CVE-2019-6283 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2011-2481 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2018-16459 Vulnerability in npm package exceljs
CVE-2020-36379 Vulnerability in npm package aaptjs
CVE-2022-29237 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl