The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information.

This issue affects GMS: 9.3.4 and earlier versions.

Related CVEs

CVE-2024-29010

Key Information

GHSA ID

GHSA-8hp7-p44f-w939

Published

May 1, 2024 6:30 PM

Last Modified

May 1, 2024 6:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.