CVE-2018-1321: Improper Input Validation

November 6, 2018 (updated September 21, 2021)

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

References

github.com/advisories/GHSA-xgc9-9w4v-h33h
nvd.nist.gov/vuln/detail/CVE-2018-1321

Code Behaviors & Features

Detect and mitigate CVE-2018-1321 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →