CVE-2021-39239: Improper Restriction of XML External Entity Reference

September 20, 2021 (updated September 21, 2021)

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

References

github.com/advisories/GHSA-7rp6-w7mg-h8rw
nvd.nist.gov/vuln/detail/CVE-2021-39239

Code Behaviors & Features

Detect and mitigate CVE-2021-39239 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →