CVE-2018-1000548

Name of the Vulnerable Software and Affected Versions Umlet versions prior to 14.3

Description The issue is related to a XML External Entity (XXE) vulnerability in file parsing, which can lead to disclosure of confidential data, denial of service, and server-side request forgery. This can be exploited via a specially crafted UXF file.

Recommendations For versions prior to 14.3, update to version 14.3 to resolve the issue. As a temporary workaround, consider restricting the use of UXF files or avoiding the parsing of external entities until the update is applied.