CVE-2022-0671: Server-Side Request Forgery (SSRF)

February 19, 2022 (updated February 26, 2022)

A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.

References

github.com/advisories/GHSA-52vv-3vf7-f7wh
github.com/eclipse/lemminx/blob/master/CHANGELOG.md
github.com/eclipse/lemminx/issues/1169
github.com/redhat-developer/vscode-xml/blob/master/CHANGELOG.md
nvd.nist.gov/vuln/detail/CVE-2022-0671

Detect and mitigate CVE-2022-0671 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →