CVE-2013-4701: Improper Restriction of XML External Entity Reference

August 21, 2013 (updated November 28, 2016)

Auth/Yadis/XML.php in PHP OpenID allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9

Detect and mitigate CVE-2013-4701 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →