CVE-2014-3530: Information Exposure

July 22, 2014 (updated January 4, 2018)

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

References

bugzilla.redhat.com/CVE-2014-3530

Code Behaviors & Features

Detect and mitigate CVE-2014-3530 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →