WSO2 API Manager and API Microgateway are vulnerable to XML Entity Expansion attacks. Because XML input is not sanitized, an unauthenticated attacker can crash the system by sending a request that contains a maliciously crafted XML file.
docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
github.com/wso2/carbon-governance/commit/8a033d5cdb5aba7cfd30318b5a398ca017d0436d
github.com/wso2/carbon-governance/commit/a5f4d6f1d4bd8f35b12c8ec542b97a9b198be47d
github.com/wso2/carbon-governance/commit/f0270c1e36083355dabc79a824e676161e365d20
github.com/wso2/carbon-governance/pull/339
github.com/wso2/carbon-governance/pull/340
github.com/wso2/carbon-governance/pull/341