CVE-2018-1000822: Improper Restriction of XML External Entity Reference

December 20, 2018 (updated January 8, 2019)

The fess package contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

References

github.com/codelibs/fess/issues/1851
nvd.nist.gov/vuln/detail/CVE-2018-1000822

Detect and mitigate CVE-2018-1000822 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →