CVE-2018-17201: Improper Input Validation

May 6, 2019 (updated May 7, 2019)

Certain input files could make the parser hang when Apache Sanselan (aka Apache Commons Imaging) was used to parse them, which could be used in a DoS attack.

References

nvd.nist.gov/vuln/detail/CVE-2018-17201

Detect and mitigate CVE-2018-17201 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →