CVE-2018-1000829

Name of the Vulnerable Software and Affected Versions Anyplace versions prior to commit 80359b4

Description The issue is related to a XML External Entity (XXE) vulnerability in the Man in the middle on map API call. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning.

Recommendations For versions prior to commit 80359b4, update to a version after commit 80359b4 to resolve the issue. As a temporary workaround, consider restricting access to the map API call to minimize the risk of exploitation.