CVE-2018-1000644: Improper Restriction of XML External Entity Reference

October 19, 2018 (updated September 2, 2021)

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

References

github.com/advisories/GHSA-6xq8-pvg4-3mf3
github.com/eclipse/rdf4j/issues/1056
nvd.nist.gov/vuln/detail/CVE-2018-1000644

Code Behaviors & Features

Detect and mitigate CVE-2018-1000644 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →