camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Claus Ibsen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CAMEL-8311) XML External Entity (XXE) injection in XmlConverter
Date Sun, 01 Mar 2015 12:54:04 GMT

     [ https://issues.apache.org/jira/browse/CAMEL-8311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Claus Ibsen updated CAMEL-8311:
-------------------------------
    Fix Version/s:     (was: 2.14.3)
                       (was: 2.15.1)
                   2.15.0

> XML External Entity (XXE) injection in XmlConverter
> ---------------------------------------------------
>
>                 Key: CAMEL-8311
>                 URL: https://issues.apache.org/jira/browse/CAMEL-8311
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-core
>    Affects Versions: 2.13.3, 2.14.1
>            Reporter: Stephan Siano
>            Assignee: Willem Jiang
>             Fix For: 2.15.0
>
>         Attachments: 0001-CAMEL-8311-XXE-vulnerability-in-XmlConverter-SAXSour.patch
>
>
> The XMLConverter will allow XMLExternalEntity (XXE) injection when converting XML Documents
for SAXSource.
> DOM and StAX parsing is not affected as the respective feature is already set for those
type converters (but not for the SAXSource conversion).
> See the unit test contained in the patch for details



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message