CVE-2024-34345: @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
XML External entity injections could be possible, when running the provided XML Validator on arbitrary input.
References
- github.com/CycloneDX/cyclonedx-javascript-library
- github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203
- github.com/CycloneDX/cyclonedx-javascript-library/pull/1063
- github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7
- github.com/advisories/GHSA-38gf-rh2w-gmj7
- nvd.nist.gov/vuln/detail/CVE-2024-34345
Code Behaviors & Features
Detect and mitigate CVE-2024-34345 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →