CVE-2013-6440: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

February 14, 2014 (updated March 5, 2014)

The BasicParserPool, StaticBasicParserPool, XML Decrypter, and SAML Decrypter in this package set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

References

bugzilla.redhat.com/CVE-2013-6440

Detect and mitigate CVE-2013-6440 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →