CVE-2018-1000844: Improper Restriction of XML External Entity Reference

December 20, 2018 (updated July 1, 2019)

Square Open Source Retrofit contains an XML External Entity (XXE) vulnerability in JAXB. An attacker could use this to remotely read files from the file system or to perform SSRF.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000844

Detect and mitigate CVE-2018-1000844 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →