XMLUnit Vulnerability

MEDIUM (4.0) No Patch (63 days)

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found


What is it?

XMLUnit is a Java library for unit-testing XML: it compares, validates and transforms XML documents so that test code does not have to. The vulnerable releases contain a flaw that can be used to execute arbitrary code on systems that process untrusted input through the library.

Am I affected?

You're affected if you use an XMLUnit 2.x release earlier than 2.10.0. XMLUnit is a library, not a command-line tool, so there is no `--version` switch to call; check the version through your build tool (for Maven, `mvn dependency:tree` lists every artifact with its resolved version) or locate the jar files on disk, which carry the version in the file name: find / -name "xmlunit*.jar" 2>/dev/null

Note that this vulnerability is specific to the XMLUnit 2.x line and does not affect the earlier 1.x releases.
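The following script is an added example for the check described above; it is not part of the advisory or of the XMLUnit project. It reads `mvn dependency:tree` output, picks out every artifact under the `org.xmlunit` group whose artifact id starts with `xmlunit`, and compares the resolved version numerically against the fixed release 2.10.0 (a plain string comparison would wrongly rank 2.9.1 above 2.10.0). The sample tree lines near the end are constructed for the demo, and the coordinate layout it assumes is the `groupId:artifactId:type[:classifier]:version:scope` form that Maven prints for dependencies.

```shell
#!/bin/sh
# Added example (not from the advisory or the XMLUnit project): flag XMLUnit 2.x
# artifacts older than the fixed release in `mvn dependency:tree` output.

FIXED_VERSION="2.10.0"

# Succeed (exit 0) when dotted version $1 is strictly lower than $2.
# Components are compared as integers, so 2.9.1 < 2.10.0 holds.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Read dependency:tree lines on stdin; print one line per vulnerable artifact.
# Returns 1 when at least one artifact is below FIXED_VERSION, 0 otherwise.
# Assumed line shape: "[INFO] +- org.xmlunit:xmlunit-core:jar:2.9.1:test"
check_xmlunit_tree() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            *org.xmlunit:xmlunit*) ;;   # every XMLUnit 2.x module shares this prefix
            *) continue ;;
        esac
        # Extract the Maven coordinate, then take the artifact id (field 2) and
        # the version (second-to-last field, since scope is the last one).
        coord=$(printf '%s\n' "$line" | sed -n 's/.*\(org\.xmlunit:[^ ]*\).*/\1/p')
        artifact=$(printf '%s\n' "$coord" | cut -d: -f2)
        version=$(printf '%s\n' "$coord" | awk -F: '{print $(NF-1)}')
        if version_lt "$version" "$FIXED_VERSION"; then
            printf 'VULNERABLE %s %s (< %s)\n' "$artifact" "$version" "$FIXED_VERSION"
            found=1
        fi
    done
    return $found
}

# Constructed sample (not a real project's tree) used by the --demo mode.
SAMPLE_TREE='[INFO] com.example:app:jar:1.0.0
[INFO] +- org.xmlunit:xmlunit-core:jar:2.9.1:test
[INFO] +- org.xmlunit:xmlunit-matchers:jar:2.10.0:test
[INFO] \- junit:junit:jar:4.13.2:test'

demo() {
    printf '%s\n' "$SAMPLE_TREE" | check_xmlunit_tree
}

# Usage: sh check_xmlunit.sh --demo
#        mvn dependency:tree | sh check_xmlunit.sh --stdin
case "${1:-}" in
    --demo)  demo ;;
    --stdin) check_xmlunit_tree ;;
esac
```

The exit status makes the script usable as a CI gate: a non-zero result from `check_xmlunit_tree` fails the build until the dependency is bumped to 2.10.0 or later.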

Affected Packages

maven: org.xmlunit:xmlunit

Affected Products

Apache Software Foundation / XMLUnit

How to fix

To fix this vulnerability, upgrade to XMLUnit version 2.10.0 or later. You can do this by updating your Maven dependency:

<dependency>
    <groupId>org.xmlunit</groupId>
    <artifactId>xmlunit</artifactId>
    <version>2.10.0</version>
</dependency>

Alternatively, you can build the patched version yourself from the XMLUnit GitHub repository; the fixing commit is https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b