This vulnerability affects the SimpleXMLProvider in Restlet. The affected code potentially allows a remote attacker to access arbitrary files on the system by sending a request with maliciously crafted XML data to a REST API built with Restlet. If you use Restlet together with Simple XML, your application is very likely affected.

External References:
https://lgtm.com/blog/restlet_CVE-2017-14868

Upstream issue:
https://github.com/restlet/restlet-framework-java/issues/1286

Upstream patch:
https://github.com/restlet/restlet-framework-java/commit/7c2636718c284598da0eed0839ef69bfccf48071