CVE-2014-0225: Improper Restriction of XML External Entity Reference

May 25, 2017 (updated June 7, 2017)

When processing user provided XML documents, the Spring Framework does not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

References

www.gopivotal.com/security/cve-2014-0225
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225

Detect and mitigate CVE-2014-0225 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →