CVE-2016-9318: Improper Restriction of XML External Entity Reference

November 16, 2016 (updated December 31, 2020)

libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

References

nvd.nist.gov/vuln/detail/CVE-2016-9318

Detect and mitigate CVE-2016-9318 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →