PT-2023-19465 · Urule · Urule

Idam0N · Published 2023-02-24 · Updated 2023-03-06

CVE-2023-24189
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: urule version 2.1.7

Description: An XML External Entity (XXE) issue allows attackers to execute arbitrary code by uploading a crafted XML file to the "/urule/common/saveFile" API endpoint. The saveFile functionality parses the uploaded XML with external entities enabled, which can lead to unauthorized access and code execution.

Recommendations: For urule version 2.1.7, consider disabling the saveFile functionality or restricting access to the "/urule/common/saveFile" API endpoint until a patch is available. Do not feed untrusted or unvalidated XML files to this endpoint, to minimize the risk of exploitation.

Weakness Enumeration: XXE

Related Identifiers: CVE-2023-24189

Affected Products: Urule