CVE-2018-17201: Improper Input Validation in Apache Sanselan

May 14, 2019 (updated August 3, 2021)

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

References

github.com/advisories/GHSA-rjx9-2936-9ffx
nvd.nist.gov/vuln/detail/CVE-2018-17201

Detect and mitigate CVE-2018-17201 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →