Vulnerabilities > Restlet > Restlet > 2.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-14949 | XXE vulnerability in Restlet Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. | 5.0 |
| 2017-11-30 | CVE-2017-14868 | XXE vulnerability in Restlet Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. | 5.0 |