CVE-2018-11788

Name of the Vulnerable Software and Affected Versions Apache Karaf versions prior to 4.1.7 Apache Karaf versions prior to 4.2.2

Description The issue is related to the XMLInputFactory class in Apache Karaf, which lacks mitigation against XXE attacks. This allows an attacker to inject external XML entities, potentially leading to arbitrary code execution. The vulnerability is associated with the incorrect restriction of XML links to external objects.

Recommendations For Apache Karaf versions prior to 4.1.7, update to version 4.1.7 or later to resolve the issue. For Apache Karaf versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue.