GHSA-2g98-f9jv-w8c5: robrichards/xmlseclibs XPath injection

May 20, 2024

A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions.

References

github.com/FriendsOfPHP/security-advisories/blob/master/robrichards/xmlseclibs/2018-09-27.yaml
github.com/advisories/GHSA-2g98-f9jv-w8c5
github.com/robrichards/xmlseclibs
github.com/robrichards/xmlseclibs/commit/649032643f7aac493e91ca318da0339aec72aa4a

Detect and mitigate GHSA-2g98-f9jv-w8c5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →