It was found that Restlet applications which use XMLRepresentation or XML serializers, as provided by various extensions, are vulnerable to XML entity expansion attacks. A remote attacker could use this flaw to perform a denial of service attack through CPU or memory exhaustion.
Upstream bug: https://github.com/restlet/restlet-framework-java/issues/826

External References:
https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements
http://restlet.org/learn/2.1/changes

Statement: Not affected. Restlet as shipped with various Red Hat products does not include any of the extensions affected by this flaw.