CVE-2021-43090: Improper Restriction of XML External Entity Reference
(updated )
An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function.
References
- github.com/advisories/GHSA-pv39-qp28-4mgh
- github.com/membrane/soa-model/commit/19de16902468e7963cc4dc6b544574bc1ea3f251
- github.com/membrane/soa-model/commit/3aa295f155f621d5ea661cb9a0604013fc8fd8ff
- github.com/membrane/soa-model/issues/281
- github.com/membrane/soa-model/releases/tag/v1.6.4
- nvd.nist.gov/vuln/detail/CVE-2021-43090
Detect and mitigate CVE-2021-43090 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →