Jacklosingheart

**Name of the Vulnerable Software and Affected Versions** http4k versions prior to 5.41.0.0 **Description** The issue is related to an XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML contents within requests. This could allow attackers to read local sensitive information on the server, trigger Server-side Request Forgery, and even execute code under some circumstances. **Recommendations** To resolve the issue, update to version 5.41.0.0 or later, as this version contains a patch for the problem. As a temporary workaround, consider disabling the XML parsing feature in http4k until a patch is applied. Restrict access to the XML handling module to minimize the risk of exploitation. Avoid using the `xmlLens` function in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: powertac-server version 1.9.0 Description: An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. Recommendations: For powertac-server version 1.9.0, consider disabling the DocumentBuilderFactory component until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to sensitive information and limit the execution of arbitrary code by implementing additional security measures, such as input validation and sanitization of XML entities.

Name of the Vulnerable Software and Affected Versions: openimaj version 1.3.10 Description: An XML External Entity (XXE) issue allows attackers to access sensitive information or execute arbitrary code by supplying a crafted XML file. This can lead to unauthorized access to data or execution of malicious code. Recommendations: For openimaj version 1.3.10, consider disabling the Dmoz2CSV component until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to sensitive information and monitor for any suspicious activity related to XML file processing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The issue allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities. This is due to an XML External Entity (XXE) vulnerability. Recommendations: For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external XML entities to minimize the risk of exploitation.