CVE-2018-1309: Improper Restriction of XML External Entity Reference

May 23, 2018 (updated June 27, 2018)

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution.

References

nifi.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2018-1309

Code Behaviors & Features

Detect and mitigate CVE-2018-1309 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →