CVE-2014-0225: Information disclosure via SSRF

May 25, 2017 (updated June 7, 2017)

This package did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

References

www.gopivotal.com/security/cve-2014-0225
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225

Code Behaviors & Features

Detect and mitigate CVE-2014-0225 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →