Description
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
Related Vulnerabilities
CVE-2018-5158 Vulnerability in maven package org.webjars.npm:pdfjs-dist
CVE-2019-12404 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2014-2066 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-4992 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-48219 Vulnerability in maven package org.webjars.npm:tinymce