GHSA-6rpq-6vv2-5222MediumCVSS 5.9
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API...
🔗 CVE IDs covered (1)
📋 Description
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed.
Affected versions: Spring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE.