CVE-2018-0765: Improper Restriction of XML External Entity Reference

October 16, 2018 (updated August 31, 2021)

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka “.NET and .NET Core Denial of Service Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

References

github.com/advisories/GHSA-35hc-x2cw-2j4v
nvd.nist.gov/vuln/detail/CVE-2018-0765

Code Behaviors & Features

Detect and mitigate CVE-2018-0765 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →