CVE-2023-6836: Improper Restriction of XML External Entity Reference

December 15, 2023 (updated December 19, 2023)

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

References

nvd.nist.gov/vuln/detail/CVE-2023-6836
security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/

Detect and mitigate CVE-2023-6836 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →