CVE-2017-18197: Improper Restriction of XML External Entity Reference

February 23, 2018 (updated December 3, 2018)

In mxGraphViewImageReader, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks

References

nvd.nist.gov/vuln/detail/CVE-2017-18197

Detect and mitigate CVE-2017-18197 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →