CVE-2014-1868
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
EPSS 0.34%
Description
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
How to fix CVE-2014-1868
To remediate CVE-2014-1868, upgrade the affected package to a fixed version below.
- Maven/org.restlet.jse:org.restlet: upgrade to 2.1.7 or later
Is CVE-2014-1868 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.restlet.jse:org.restlet: >= 2.1.0, < 2.1.7