camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephan Siano (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CAMEL-8311) XML External Entity (XXE) injection in XmlConverter
Date Tue, 03 Feb 2015 09:59:34 GMT
Stephan Siano created CAMEL-8311:
------------------------------------

             Summary: XML External Entity (XXE) injection in XmlConverter
                 Key: CAMEL-8311
                 URL: https://issues.apache.org/jira/browse/CAMEL-8311
             Project: Camel
          Issue Type: Bug
          Components: camel-core
    Affects Versions: 2.14.1, 2.13.3
            Reporter: Stephan Siano


The XMLConverter will allow XMLExternalEntity (XXE) injection when converting XML Documents
for SAXSource.

DOM and StAX parsing is not affected as the respective feature is already set for those type
converters (but not for the SAXSource conversion).

See the unit test contained in the patch for details



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message