XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Created xmlrpc tracking bugs for this issue:
Affects: fedora-all [bug 1508111]
This issue has been addressed in the following products:
Red Hat Fuse 7.2
Via RHSA-2018:3768 https://access.redhat.com/errata/RHSA-2018:3768