CVE-2019-6986: Improper Input Validation

January 28, 2019 (updated February 5, 2019)

SPARQL Injection in VIVO Vitro allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.

References

nvd.nist.gov/vuln/detail/CVE-2019-6986

Code Behaviors & Features

Detect and mitigate CVE-2019-6986 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →