CVE-2013-4517: Java XML Signature DoS Attack

January 10, 2014 (updated November 8, 2018)

When applying Transforms this package allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

References

bugzilla.redhat.com/CVE-2013-4517
cwiki.apache.org/confluence/download/attachments/27821224/cve-2013-4517.txt.asc

Detect and mitigate CVE-2013-4517 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →