Description
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.
Remediation
References
https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e
https://github.com/mapfish/mapfish-print/security/advisories/GHSA-vjv6-gq77-3mjw
Related Vulnerabilities
CVE-2010-10006 Vulnerability in maven package org.expressme:jopenid
CVE-2020-26291 Vulnerability in maven package org.webjars.bower:urijs
CVE-2022-23539 Vulnerability in npm package jsonwebtoken
CVE-2023-49804 Vulnerability in npm package uptime-kuma
CVE-2020-36732 Vulnerability in maven package org.webjars.bowergithub.brix:crypto-js