CVE-2018-17202: Loop with Unreachable Exit Condition ('Infinite Loop')

May 14, 2019 (updated August 3, 2021)

Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

References

github.com/advisories/GHSA-g99m-3m46-4gm9
nvd.nist.gov/vuln/detail/CVE-2018-17202

Detect and mitigate CVE-2018-17202 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →