Description
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
Remediation
References
https://github.com/joniles/mpxj/pull/178/commits/c3e457f7a16facfe563eade82b0fa8736a8c96f9
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2018-19048 Vulnerability in maven package org.webjars:simditor
CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_3
CVE-2022-36910 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search
CVE-2023-40787 Vulnerability in maven package org.springblade:blade-core-tool
CVE-2023-26055 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml