CVE-2018-1000840: Improper Restriction of XML External Entity Reference

December 20, 2018 (updated February 7, 2019)

Processing Foundation Processing version contains an XML External Entity (XXE) vulnerability in the loadXML(). An attacker can read arbitrary files and read their contents via HTTP requests.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000840

Detect and mitigate CVE-2018-1000840 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →