CVE-2019-1000007: Code Injection

February 4, 2019 (updated February 15, 2019)

aioxmpp contains a code injection vulnerability in the aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data).

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000007
cwe.mitre.org/data/definitions/94.html
github.com/horazont/aioxmpp/pull/268
nvd.nist.gov/vuln/detail/CVE-2019-1000007

Detect and mitigate CVE-2019-1000007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →