GHSA-cfmv-h8fx-85m7: xml2rfc has an arbitrary file read vulnerability

August 26, 2025

When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML.

References

github.com/advisories/GHSA-cfmv-h8fx-85m7
github.com/ietf-tools/xml2rfc
github.com/ietf-tools/xml2rfc/commit/f2b245bc0aeeac0667c8f74e976c466c5991f0e4
github.com/ietf-tools/xml2rfc/security/advisories/GHSA-cfmv-h8fx-85m7

Code Behaviors & Features

Detect and mitigate GHSA-cfmv-h8fx-85m7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →