CVE-2016-9318: Improper Restriction of XML External Entity Reference
(updated )
libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
References
Detect and mitigate CVE-2016-9318 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →