CVE-2019-10782: Improper Restriction of XML External Entity Reference

January 31, 2020 (updated August 19, 2021)

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.

References

github.com/advisories/GHSA-763g-fqq7-48wg
github.com/checkstyle/checkstyle/commit/c46a16d177e6797895b195c288ae9a9a096254b8
github.com/checkstyle/checkstyle/issues/7468
github.com/checkstyle/checkstyle/security/advisories/GHSA-763g-fqq7-48wg
nvd.nist.gov/vuln/detail/CVE-2019-10782

Detect and mitigate CVE-2019-10782 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →