PT-2019-5263 · Terracotta · Terracotta Quartz Scheduler

Published

2019-07-22

·

Updated

2024-10-15

·

CVE-2019-13990

CVSS v2.0
10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Terracotta Quartz Scheduler versions through 2.3.0

Description:

The `initDocumentParser` method in `xml/XMLSchedulingDataProcessor.java` of the Terracotta Quartz Scheduler library builds an XML parser without restricting XML external entity references. `XMLSchedulingDataProcessor` is the component that loads job and trigger definitions from Quartz's XML job-scheduling-data files, so an attacker who can supply or modify such a file can declare an external entity, reference it from a field such as the job description, and have the scheduler resolve it when the document is parsed. This is an XXE (XML External Entity) attack: depending on the entity target it yields local file disclosure or server-side requests from the scheduler host. The vulnerability is exploitable via a job description.

Recommendations:

For Terracotta Quartz Scheduler versions through 2.3.0, update to a later release that contains the fix (the GitHub advisory GHSA-9QCF-C26R-X5RF lists the patched version). `initDocumentParser` is an internal method of the library, not something that appears in job descriptions, so "restricting" or "avoiding" it is not a workaround. Until the upgrade is possible, treat the XML job-definition files that `XMLSchedulingDataProcessor` loads (by default through `org.quartz.plugins.xml.XMLSchedulingDataProcessorPlugin`) as trusted configuration: do not accept job or trigger XML from untrusted users or network sources, restrict write access to those files on the scheduler host, and disable the XML plugin if the deployment does not need it.
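The following added example (not Quartz's own source, and not the project's patch) shows the parser-configuration mistake behind this class of bug and the corrected configuration. It builds a constructed job-scheduling-data document whose DOCTYPE declares an external entity referenced from the job description, then parses it once with a default `DocumentBuilderFactory` (the permissive pattern) and once with a hardened factory that refuses DOCTYPE declarations. The class name, the `file:///etc/hostname` entity target and the `org.example.DemoJob` job class are illustrative assumptions.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class QuartzXxeDemo {

    // Constructed sample (not a real deployment file): a job-scheduling-data
    // document in the shape XMLSchedulingDataProcessor consumes, with a DOCTYPE
    // that declares an external entity and references it from <description>.
    // The file:///etc/hostname target is an illustration only.
    static final String HOSTILE_JOB_XML =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
        "<!DOCTYPE job-scheduling-data [\n" +
        "  <!ENTITY xxe SYSTEM \"file:///etc/hostname\">\n" +
        "]>\n" +
        "<job-scheduling-data xmlns=\"http://www.quartz-scheduler.org/xml/JobSchedulingData\" version=\"2.0\">\n" +
        "  <schedule>\n" +
        "    <job>\n" +
        "      <name>demoJob</name>\n" +
        "      <group>demoGroup</group>\n" +
        "      <description>&xxe;</description>\n" +
        "      <job-class>org.example.DemoJob</job-class>\n" +
        "    </job>\n" +
        "  </schedule>\n" +
        "</job-scheduling-data>\n";

    // Permissive pattern: a JAXP factory with default features. The JDK's
    // built-in parser resolves external general entities by default, so the
    // &xxe; reference is replaced with the target file's contents.
    static DocumentBuilderFactory permissiveFactory() {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        return f;
    }

    // Hardened pattern: reject any DOCTYPE (no DTD means no entity
    // declarations at all), and additionally turn off external entity
    // resolution, external DTD loading and XInclude in case a parser
    // implementation does not honour the first feature.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses the job XML with the given factory and returns the text of the
    // first <description> element, which is where the entity reference lands.
    static String parseDescription(DocumentBuilderFactory f, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder b = f.newDocumentBuilder();
        Document doc = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getElementsByTagNameNS("*", "description").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        try {
            // With the permissive factory the description now carries the
            // contents of the referenced file (if readable): the XXE succeeded.
            System.out.println("permissive: " + parseDescription(permissiveFactory(), HOSTILE_JOB_XML));
        } catch (Exception e) {
            System.out.println("permissive: parse failed: " + e);
        }
        try {
            parseDescription(hardenedFactory(), HOSTILE_JOB_XML);
            System.out.println("hardened: parsed (unexpected)");
        } catch (SAXException e) {
            // disallow-doctype-decl makes the parser fail at the DOCTYPE line,
            // before any entity can be declared, let alone resolved.
            System.out.println("hardened: rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac QuartzXxeDemo.java && java QuartzXxeDemo`. The hardened factory is the right default for any component that parses configuration or job files from disk or a network path; rejecting DOCTYPE outright is preferable to only disabling entity expansion, because it also blocks entity-expansion denial of service and parameter-entity tricks that some parsers still honour.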

Fix

Weakness Enumeration

XXE (XML External Entity injection)

Related Identifiers

BDU:2020-02137
CVE-2019-13990
GHSA-9QCF-C26R-X5RF
MGASA-2021-0133
RHSA-2020:3247
ROSA-SA-2023-2272
SUSE-SU-2020:0984-1
SUSE-SU-2020:1009-1

Affected Products

Debian
Jira Service Management Server
Suse
Terracotta Quartz Scheduler