GMS-2016-67: XEE vulnerability

October 6, 2016

PySAML2 is vulnerable to XML External Entity attacks (XEE attacks) via SAML XML requests.

References

github.com/rohe/pysaml2/issues/366
www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Code Behaviors & Features

Detect and mitigate GMS-2016-67 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →