CVE-2013-0339: Uncontrolled Resource Consumption

January 21, 2014 (updated May 5, 2016)

libxml2 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.

References

nvd.nist.gov/vuln/detail/cve-2013-0339

Detect and mitigate CVE-2013-0339 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →