CVE-2014-3599: XXE due to insecure configuration of RestEasy

November 12, 2019 (updated November 14, 2019)

A remote attacker able to send XML requests to a REST endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

References

bugzilla.redhat.com/CVE-2014-3599
github.com/hornetq/hornetq/commit/b3a635763
issues.jboss.org/browse/HORNETQ-1390

Detect and mitigate CVE-2014-3599 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →