CVE-2018-20843: Improper Restriction of XML External Entity Reference

June 24, 2019 (updated June 26, 2019)

libexpat in Expat, XML input including XML names that contain many colons could make the XML parser consume a high amount of RAM and CPU resources while processing, leading to a possible denial-of-service attack.

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
github.com/libexpat/libexpat/issues/186
nvd.nist.gov/vuln/detail/CVE-2018-20843

Code Behaviors & Features

Detect and mitigate CVE-2018-20843 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →