CVE-2016-4216: Moderate severity vulnerability that affects com.adobe.xmp:xmpcore

October 19, 2018 (updated September 16, 2021)

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

github.com/advisories/GHSA-qv32-7r6p-xhhh
nvd.nist.gov/vuln/detail/CVE-2016-4216

Detect and mitigate CVE-2016-4216 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →