CVE-2019-19032

Name of the Vulnerable Software and Affected Versions XMLBlueprint versions prior to 16.191112

Description The issue is related to XML External Entity Injection, allowing for Arbitrary File Read when an XML file is validated. This is due to errors in processing .dtd files. The attack vector involves a specially crafted XML payload. Exploitation of this issue may allow a remote attacker to cause a denial of service or read arbitrary files by tricking a user into opening a specially crafted XML file.

Recommendations For XMLBlueprint versions prior to 16.191112, as a temporary workaround, consider disabling the XML Validate function until a patch is available. Restrict access to the XML validation component to minimize the risk of exploitation. Avoid using specially crafted XML files that could trigger the vulnerability until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.