Pippo JAXB is vulnerable to XML external entity (XXE). The XML parser does not disable the usage of external Document Type Definition (DTD), allowing a remote attacker to perform XXE attacks via a crafted XML file.
CPE | Name | Operator | Version |
---|---|---|---|
pippo jaxb | le | 1.11.0 |