CVE-2020-26258: Server-Side Request Forgery (SSRF)

December 16, 2020 (updated November 30, 2021)

XStream is a Java library to serialize objects to XML and back again. Users of XStream or below who still want to use XStream default block list can use a workaround described in more detailed in the referenced advisories.

References

nvd.nist.gov/vuln/detail/CVE-2020-26258

Detect and mitigate CVE-2020-26258 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →