Description
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
Remediation
References
https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
Related Vulnerabilities
CVE-2023-37579 Vulnerability in maven package org.apache.pulsar:pulsar-functions-worker
CVE-2017-1000427 Vulnerability in maven package org.webjars.npm:marked
CVE-2022-2932 Vulnerability in npm package mobiledoc-kit
CVE-2023-45857 Vulnerability in maven package org.webjars.npm:axios
CVE-2016-10707 Vulnerability in maven package org.webjars.npm:jquery