CVE-2021-47621: ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.
References
- docs.r3.com/en/platform/corda/4.8/enterprise/release-notes-enterprise.html
- github.com/advisories/GHSA-v2xm-76pq-phcf
- github.com/classgraph/classgraph
- github.com/classgraph/classgraph/commit/681362ad6b0b9d9abaffb2e07099ce54d7a41fa3
- github.com/classgraph/classgraph/pull/539
- github.com/classgraph/classgraph/releases/tag/classgraph-4.8.112
- nvd.nist.gov/vuln/detail/CVE-2021-47621
Code Behaviors & Features
Detect and mitigate CVE-2021-47621 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →