High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

Design/Logic Flaw

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...