ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0), ca.islandora.alpaca:islandora-indexing-triplestore (>=0.2.0 <=0.3.0) +913 more potentially affected by CVE-2017-5643 via org.apache.camel:camel-core (>=2.18.0 <=2.18.1)
org.apache.camel:camel-core MAVEN version =2.18.0, =0.2.0, =0.2.0, =2.7, =2.18.0, =2.18.1 - com.tatsuyafw:camel-fluentd =2.18.0 - cool.pandora:acrepo-exts-image =0.0.3 - cool.pandora:pandora-exts-encoder =0.0.4 and more Source cves: CVE-2017-5643 Source advisory: OSV:GHSA-VQ9J-JH62-5HMP...
CVE-2017-5643
It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XM...