CVE-2018-11761: Improper Restriction of XML External Entity Reference

September 19, 2018 (updated November 12, 2019)

In Apache Tika, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a DoS.

References

www.securityfocus.com/bid/105514
nvd.nist.gov/vuln/detail/CVE-2018-11761

Code Behaviors & Features

Detect and mitigate CVE-2018-11761 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →