CVE-2014-0054: XML External Entities

April 17, 2014 (updated April 19, 2018)

This package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

References

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0054
www.pivotal.io/security/cve-2014-0054
jira.spring.io/browse/SPR-11376

Code Behaviors & Features

Detect and mitigate CVE-2014-0054 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →