CVE-2024-51135

Name of the Vulnerable Software and Affected Versions: powertac-server version 1.9.0

Description: An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

Recommendations: For powertac-server version 1.9.0, consider disabling the DocumentBuilderFactory component until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to sensitive information and limit the execution of arbitrary code by implementing additional security measures, such as input validation and sanitization of XML entities.