CVE-2018-17186: Improper Restriction of XML External Entity Reference

November 6, 2018 (updated January 31, 2019)

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

References

nvd.nist.gov/vuln/detail/CVE-2018-17186
syncope.apache.org/security

Code Behaviors & Features

Detect and mitigate CVE-2018-17186 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →