CVE-2014-3490: Improper Restriction of XML External Entity Reference

August 19, 2014 (updated March 21, 2019)

RESTEasy does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

References

bugzilla.redhat.com/CVE-2014-3490

Detect and mitigate CVE-2014-3490 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →