CVE-2018-1000822

Name of the Vulnerable Software and Affected Versions codelibs fess versions before commit faa265b

Description The issue is related to a XML External Entity (XXE) vulnerability in the GSA XML file parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via specially crafted GSA XML files.

Recommendations For versions before commit faa265b, update to a version after commit faa265b to resolve the issue. As a temporary workaround, consider restricting the use of the GSA XML file parser until a patch is available. Avoid using specially crafted GSA XML files in the affected parser until the issue is resolved.