CVE-2018-17186: Improper Restriction of XML External Entity Reference

November 6, 2018 (updated September 16, 2021)

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

References

github.com/advisories/GHSA-qfjv-998w-q48f
nvd.nist.gov/vuln/detail/CVE-2018-17186

Code Behaviors & Features

Detect and mitigate CVE-2018-17186 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →