CVE-2020-10991 – org.mule.modules:mule-apikit-module

Package

Manager: maven
Name: org.mule.modules:mule-apikit-module
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00364 pctl0.57684

Details

Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Mulesoft APIkit ## Withdrawn Advisory This advisory has been withdrawn because it does not affected a package in a [supported ecosystem](https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-types-of-security-advisories). This link has been maintained to preserve external references. ## Original Description Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java

Metadata

Created: 2022-05-24T17:12:53Z
Modified: 2025-07-02T19:24:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jffq-528j-mp6c/GHSA-jffq-528j-mp6c.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-jffq-528j-mp6c
Finding: F083
Auto approve: 1