CVE-2024-2374

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description XML parsers in several products fail to properly configure the handling of user-supplied XML data to prevent the resolution of external entities. This allows attackers to use crafted XML payloads to include external resources, enabling the reading of confidential files from the file system and access to limited reachable HTTP resources. This issue can also be used to cause a denial of service by fetching large external resources or through recursive entity expansion, which exhausts server resources.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.