CVE-2011-1483: Uncontrolled Resource Consumption

July 29, 2013 (updated October 9, 2019)

wsf/common/DOMUtils.java does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected versions

Version 1.1.0.sp7

Solution

Unfortunately, there is no solution available yet.

Impact 5 MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Source file

maven/org.jboss.ws/jbossws-common/CVE-2011-1483.yml

Page generated Wed, 14 May 2025 12:14:30 +0000.