CVE-2023-6836: Improper Restriction of XML External Entity Reference
(updated )
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
References
- github.com/advisories/GHSA-cr8h-fr86-8vfv
- github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde
- github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4
- github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975
- github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c
- github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e
- github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5
- nvd.nist.gov/vuln/detail/CVE-2023-6836
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/
Detect and mitigate CVE-2023-6836 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →