PT-2019-11538 · Ladon · Ladon

Published: 2019-07-18 · Updated: 2019-07-26 · CVE-2019-1010268

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Ladon versions 0.6.1 and later
Description: The SOAP request handlers component is vulnerable to XML External Entity (XXE) injection. Successful exploitation leads to information disclosure: an attacker can read files and reach internal network endpoints. The attack vector is a specially crafted SOAP call.
Recommendations: For versions 0.6.1 and later, disable the SOAP request handlers and avoid using the affected SOAP interface until a patch is available. Restrict access to internal network endpoints to minimize the risk of information disclosure.
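As an added defensive example (not Ladon's own code and not part of this advisory), the following Python screens an inbound SOAP envelope for DTD constructs before any XML parser gets to resolve them, so a crafted request of the kind described above is refused outright. The two sample requests are constructed, and the external entity's system identifier is a placeholder, not a real resource.

```python
import xml.parsers.expat as expat


class DtdRejected(Exception):
    """Raised from an expat callback as soon as any DTD construct appears."""


def screen_soap_request(body):
    """Return (accepted, reason) for an inbound SOAP request body.

    SOAP envelopes never legitimately carry a DOCTYPE, so any DTD, entity
    declaration or external entity reference is refused before a downstream
    XML parser could resolve and expand anything."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected("DOCTYPE declaration in SOAP envelope")

    def on_entity_decl(name, is_pe, value, base, sysid, pubid, notation):
        raise DtdRejected("entity declaration for %r" % name)

    def on_external_ref(context, base, sysid, pubid):
        raise DtdRejected("external entity reference to %r" % sysid)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    # Never fetch external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    try:
        parser.Parse(body, True)
    except DtdRejected as exc:
        return (False, str(exc))
    except expat.ExpatError as exc:
        return (False, "malformed XML: %s" % exc)
    return (True, "well-formed, no DTD")


# Constructed sample traffic (not captured Ladon requests).
ENVELOPE_OPEN = b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
BODY = b'<soapenv:Body><echo><text>%s</text></echo></soapenv:Body></soapenv:Envelope>'
BENIGN_REQUEST = b'<?xml version="1.0"?>' + ENVELOPE_OPEN + BODY % b'hello'
# Same envelope plus an inline DTD that declares an external entity and
# references it; the system identifier is a placeholder, not a real resource.
XXE_STYLE_REQUEST = (b'<?xml version="1.0"?>'
                     b'<!DOCTYPE Envelope [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
                     + ENVELOPE_OPEN + BODY % b'&ext;')
```

Truncated or otherwise malformed bodies are also refused, so the screen can sit in front of the handler as a fail-closed gate.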

Exploit · Fix · XXE


Weakness Enumeration

Related Identifiers: CVE-2019-1010268, GHSA-VG35-VC9F-Q7X2, PYSEC-2019-184

Affected Products: Ladon