CVE-2022-40705: Improper Restriction of XML External Entity Reference

September 23, 2022 (updated September 27, 2022)

** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

www.openwall.com/lists/oss-security/2022/09/22/1
github.com/advisories/GHSA-jq8c-j47c-vvwm
lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
nvd.nist.gov/vuln/detail/CVE-2022-40705

Code Behaviors & Features

Detect and mitigate CVE-2022-40705 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →