Description
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
Remediation
References
https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381
https://huntr.dev/bounties/f1ae5779-b406-4594-a8a3-d089c68d6e70
https://www.oracle.com/security-alerts/cpujul2022.html
http://seclists.org/fulldisclosure/2025/Apr/14
Related Vulnerabilities
CVE-2021-23899 Vulnerability in maven package com.mikesamuel:json-sanitizer
CVE-2022-23464 Vulnerability in maven package com.nepxion:discovery-plugin-admin-center
CVE-2021-39167 Vulnerability in npm package @openzeppelin/contracts
CVE-2023-43794 Vulnerability in npm package nocodb
CVE-2016-10735 Vulnerability in maven package org.webjars.bower:bootstrap-sass