subversion-users mailing list archives

From Florian Weimer ...@deneb.enyo.de>
Subject mod_dontdothat does not inhibit XML entity expansion
Date Sat, 23 Apr 2016 15:55:23 GMT
It seems that mod_dontdothat creates an Expat XML parser without
inhibiting XML entity expansion for the internal DTD subset.  This
might cause a denial-of-service issue when parsing client-submitted
XML.

There are other pieces of code in Subversion which also create Expat
parsers this way, but they are in the client code, so there is less
exposure.

May I file an issue for this?

Thanks,
Florian
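
Added example, not part of the original message and not Subversion code: a sketch of the mitigation the message points at, using Python's xml.parsers.expat binding to the same Expat library. The hardened parser refuses any entity declaration in the DTD (in the C API the corresponding calls are XML_SetEntityDeclHandler and XML_StopParser); parse_body, EntityDeclRejected and the sample documents are names and inputs constructed for illustration.

```python
import xml.parsers.expat


class EntityDeclRejected(ValueError):
    """Raised when a request body declares an entity in its DTD."""


def parse_body(body: bytes, hardened: bool) -> int:
    """Parse body with Expat; return the number of text characters delivered."""
    parser = xml.parsers.expat.ParserCreate()
    delivered = 0

    def on_text(data):
        # Expat may deliver text in several chunks, so accumulate lengths.
        nonlocal delivered
        delivered += len(data)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Raising inside a pyexpat handler stops the parse and propagates
        # out of Parse(), so nothing declared here is ever expanded.
        raise EntityDeclRejected(f"entity declaration not allowed: {name!r}")

    parser.CharacterDataHandler = on_text
    if hardened:
        parser.EntityDeclHandler = on_entity_decl
    parser.Parse(body, True)
    return delivered


# Constructed sample inputs (hypothetical, not taken from the message above).
PLAIN = b"<r>abcd</r>"
WITH_ENTITIES = (
    b'<!DOCTYPE r [<!ENTITY a "xxxx"><!ENTITY b "&a;&a;&a;&a;">]>'
    b"<r>&b;</r>"
)

if __name__ == "__main__":
    # An ordinary body parses the same way with the handler installed.
    print(parse_body(PLAIN, hardened=True))
    # Without the handler, the delivered text is larger than what was sent
    # in the element, because the internal subset is expanded.
    print(parse_body(WITH_ENTITIES, hardened=False))
    try:
        parse_body(WITH_ENTITIES, hardened=True)
    except EntityDeclRejected as exc:
        print("rejected:", exc)
```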
