CVE-2021-43142: Improper Restriction of XML External Entity Reference

March 30, 2022 (updated April 6, 2022)

An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput.

References

github.com/advisories/GHSA-fcrx-8829-jpqx
novysodope.github.io/2021/10/29/64/
nvd.nist.gov/vuln/detail/CVE-2021-43142

Detect and mitigate CVE-2021-43142 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →