PT-2020-12475 · Mulesoft · Mulesoft Apikit

N33Dle +1 · Published 2020-03-26 · Updated 2022-05-24 · CVE-2020-10991

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mulesoft APIkit versions prior to 1.3.1

Description

The issue allows XXE (XML External Entity) attacks due to a problem in the validation process, specifically in the RestXmlSchemaValidator.java file. This could potentially affect a large number of devices worldwide, although the exact number is not specified.

Recommendations

For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the validation/RestXmlSchemaValidator.java component until a patch is available. Restrict access to XML schema validation to minimize the risk of exploitation.

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2020-10991
GHSA-JFFQ-528J-MP6C

Affected Products

Mulesoft Apikit