Red Hat Build Of Apicurio Registry 3
Server-side request forgery in Red Hat Build of Apicurio Registry 3 allows a Developer-role user to coerce the registry server into issuing HTTP requests to arbitrary internal URLs. The flaw stems from the WSDLReaderAccessor instantiating a wsdl4j WSDLReader with the javax.wsdl.importDocuments feature left enabled, so a crafted WSDL artifact with attacker-controlled import locations is fetched when content validation runs at FULL strictness. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; CVSS is 7.4 (scope-changed) and exploitation requires authenticated low-privilege access plus a non-default validation setting.
Server-side request forgery and denial of service in Red Hat Build of Apicurio Registry 3 stem from unsafe XML parsing in the ContentTypeUtil.isParsableXml() method, which builds a SAXParserFactory without secure processing or external-entity restrictions (CWE-611, XXE). An attacker with artifact-write permission (or any unauthenticated client when the registry runs in its default configuration) can upload a crafted XML artifact whose external DTD/entity references force the server to fetch attacker-chosen URLs (blind SSRF into internal networks) or expand nested entities for resource-exhaustion DoS. CVSS is 8.5 (scope-changed, high availability impact); no public exploit identified at time of analysis.
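The following is an added illustration, not code from Apicurio Registry: a parsability probe in the style of the isParsableXml() check described above, with the weak factory construction beside a hardened one that refuses DOCTYPEs and external entities before any network fetch can occur. Class and method names are hypothetical and the sample document is constructed.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class SafeXmlProbe {

    // Weak: a default factory resolves DTDs and external entities, which is the
    // root cause described above (CWE-611).
    static SAXParserFactory weakFactory() {
        return SAXParserFactory.newInstance();
    }

    // Hardened: reject any DOCTYPE outright, and additionally switch off external
    // entities and external DTD loading in case a parser ignores the first feature.
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f;
    }

    // Returns true when the content is well-formed XML under the given factory;
    // any parse failure (including a rejected DOCTYPE) is reported as "not XML".
    static boolean isParsableXml(SAXParserFactory factory, String content) {
        try {
            SAXParser parser = factory.newSAXParser();
            parser.parse(new InputSource(new StringReader(content)), new DefaultHandler());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String plain = "<schema><element name=\"a\"/></schema>";
        // Constructed sample: a DOCTYPE declaring an external entity. The URL is a
        // placeholder on a reserved TLD and never resolves.
        String withDoctype = "<!DOCTYPE x [<!ENTITY ext SYSTEM \"http://placeholder.invalid/\">]><x>&ext;</x>";
        System.out.println("plain, hardened: " + isParsableXml(hardenedFactory(), plain));
        System.out.println("doctype, hardened: " + isParsableXml(hardenedFactory(), withDoctype));
    }
}
```

With the hardened factory the second document fails at the DOCTYPE declaration, so the entity's SYSTEM URL is never contacted; with the weak factory the same document is accepted and the parser attempts the fetch.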