CVE-2013-6408: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler

December 7, 2013 (updated July 17, 2014)

The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

References

bugzilla.redhat.com/CVE-2013-6408
issues.apache.org/jira/browse/SOLR-5520

Code Behaviors & Features

Detect and mitigate CVE-2013-6408 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →