cvE-2014-3530: XXE via insecure DocumentBuilderFactory usage
(updated )
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory
method in this package expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
References
Detect and mitigate cvE-2014-3530 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →