CVE-2021-38555

Name of the Vulnerable Software and Affected Versions Any23 versions prior to 2.5

Description An XML external entity (XXE) injection issue was discovered in the Any23 StreamUtils.java file. This is a web security issue that allows an attacker to interfere with an application's processing of XML data, potentially enabling them to view files on the application server filesystem and interact with back-end or external systems accessible by the application.

Recommendations For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.