CVE-2013-6429: XML External Entity (XXE) injection

January 26, 2014 (updated June 5, 2019)

The SourceHttpMessageConverter in this package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML.

References

www.gopivotal.com/security/cve-2013-6429
bugzilla.redhat.com/CVE-2013-6429

Code Behaviors & Features

Detect and mitigate CVE-2013-6429 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →