CVE-2014-3004: XML External Entity (XXE) attacks via a crafted XML document

June 11, 2014 (updated February 11, 2019)

The default configuration for the Xerces SAX Parser in this package allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.

References

seclists.org/fulldisclosure/2014/May/142
bugzilla.redhat.com/CVE-2014-3004

Detect and mitigate CVE-2014-3004 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →