PT-2022-2076 · Apache · Any23

Liontree0110 · Published 2022-03-04 · Updated 2022-03-12 · CVE-2022-25312

CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Any23 versions prior to 2.7

Description: An XML external entity (XXE) injection issue was discovered in the Any23 RDFa XSLTStylesheet extractor. This issue allows an attacker to interfere with an application's processing of XML data, potentially enabling them to view files on the application server filesystem and interact with back-end or external systems that the application can access.

Recommendations: For versions prior to 2.7, update to Apache Any23 2.7 to resolve the issue. As a temporary workaround, consider restricting the use of the extractor.rdfa.XSLTStylesheet class until a patch is available.
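As an added illustration (not Any23's own code or the content of its 2.7 patch), the hardening a defender applies to any Java XSLT/XML processing path of the kind described above: a TransformerFactory that refuses external DTDs and stylesheets, and a DOM parser that rejects DOCTYPE declarations, so entity expansion, the mechanism XXE relies on, never happens. The class and method names are assumed, the sample documents are constructed, and a JAXP 1.5 or newer runtime (Java 7u40+) is assumed for the ACCESS_EXTERNAL_* attributes.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import java.io.StringReader;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class HardenedXmlConfig {  // hypothetical class name

    // Transformer factory that refuses to fetch external DTDs or stylesheets:
    // relevant because the flaw sits in an XSLT stylesheet extraction path.
    static TransformerFactory hardenedTransformerFactory() throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    // DOM parser that rejects any DOCTYPE, which removes the entity
    // declaration mechanism that XXE depends on.
    static DocumentBuilder hardenedDocumentBuilder() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    // Returns true if the hardened parser accepted the document and false if
    // it was rejected because of a DOCTYPE or entity declaration.
    static boolean accepts(String xml) throws Exception {
        try {
            Document d = hardenedDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            return d != null;
        } catch (SAXParseException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a plain document and one that declares an (internal) entity.
        String plain = "<root><item>ok</item></root>";
        String withDoctype = "<!DOCTYPE root [<!ENTITY e \"x\">]><root>&e;</root>";
        System.out.println("plain accepted:   " + accepts(plain));
        System.out.println("doctype accepted: " + accepts(withDoctype));
        hardenedTransformerFactory();  // constructs without error on a JAXP 1.5+ runtime
    }
}
```

The same factory settings are what to look for when auditing a service that feeds untrusted XML or RDFa into an XSLT step, since a stock factory accepts external DTDs and stylesheets by default.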

Tags: Fix · XXE


Weakness Enumeration

Related Identifiers

BDU:2022-01899
CVE-2022-25312
GHSA-2RMM-87V7-34RJ

Affected Products

Any23