GHSA-6rpq-6vv2-5222MediumCVSS 5.9

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API...

Published
June 10, 2026
Last Modified
June 10, 2026

🔗 CVE IDs covered (1)

📋 Description

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed.

Affected versions: Spring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE.

🔗 References (3)