CVE-2018-1307: Improper Restriction of XML External Entity Reference
In Apache jUDDI, the WADL2Java and WSDL2Java classes parse a local or remote XML document and then mediate its data structures into UDDI data structures. When these classes are used, there is little protection against entity expansion and DTD-type attacks.