CVE-2013-6407: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

December 7, 2013 (updated July 17, 2014)

This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

bugzilla.redhat.com/CVE-2013-6407
issues.apache.org/jira/browse/SOLR-5520

Detect and mitigate CVE-2013-6407 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →