CVE-2023-49733: Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability

November 30, 2023 (updated February 13, 2025)

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.

References

github.com/advisories/GHSA-77jg-cpw9-73vg
github.com/apache/cocoon
lists.apache.org/thread/t87nntzt6dxw354zbqr9k7l7o1x8gq11
nvd.nist.gov/vuln/detail/CVE-2023-49733

Code Behaviors & Features

Detect and mitigate CVE-2023-49733 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →