CVE-2015-5161: Improper Restriction of XML External Entity Reference

August 25, 2015 (updated December 23, 2016)

The Zend_Xml_Security::scan in ZendXml and Zend Framework, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.

References

framework.zend.com/security/advisory/ZF2015-06

Code Behaviors & Features

Detect and mitigate CVE-2015-5161 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →