Description
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
Remediation
References
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46365-Unsafe%20XML%20Parsing-Magnolia%20CMS
Related Vulnerabilities
CVE-2021-36151 Vulnerability in maven package org.apache.gobblin:gobblin-core
CVE-2023-37460 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2022-22931 Vulnerability in maven package org.apache.james:james-server
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2020-7238 Vulnerability in maven package io.netty:netty-codec-http