gsoap is vulnerable to remote code execution. The WS-Addressing plugin functionality allows an attacker to execute arbitrary code on the host OS using a malicious SOAP request.
lists.fedoraproject.org/archives/list/[email protected]/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/
lists.fedoraproject.org/archives/list/[email protected]/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/
security-tracker.debian.org/tracker/CVE-2020-13576
talosintelligence.com/vulnerability_reports/TALOS-2020-1187