CVE-2022-0839: Improper Restriction of XML External Entity Reference in Liquibase

March 5, 2022 (updated March 8, 2022)

The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.

References

github.com/advisories/GHSA-jvfv-hrrc-6q72
github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381
huntr.dev/bounties/f1ae5779-b406-4594-a8a3-d089c68d6e70
nvd.nist.gov/vuln/detail/CVE-2022-0839

Code Behaviors & Features

Detect and mitigate CVE-2022-0839 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →