CVE-2017-3206

Name of the Vulnerable Software and Affected Versions: Flamingo amf-serializer version 2.2.0

Description: The Java implementation of AMF3 deserializers in Flamingo amf-serializer allows external entity references (XXEs) from XML documents embedded within AMF3 messages. This could potentially expose sensitive data on the server, cause denial of service, or enable server-side request forgery if the XML parsing is handled incorrectly.

Recommendations: For version 2.2.0, consider disabling the AMF3 deserializer until a patch is available to prevent potential exploitation. Restrict access to sensitive data on the server and monitor for signs of denial of service or server-side request forgery.