CVE-2018-1321: Improper Input Validation

March 20, 2018 (updated April 25, 2019)

An administrator with report and template entitlements in Apache Syncope can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

References

www.securityfocus.com/bid/103508
nvd.nist.gov/vuln/detail/CVE-2018-1321
www.exploit-db.com/exploits/45400/

Detect and mitigate CVE-2018-1321 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →