You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Claus Ibsen (JIRA)" <ji...@apache.org> on 2015/03/02 13:02:05 UTC
[jira] [Resolved] (CAMEL-8311) XML External Entity (XXE) injection
in XmlConverter
[ https://issues.apache.org/jira/browse/CAMEL-8311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen resolved CAMEL-8311.
--------------------------------
Resolution: Fixed
Fix Version/s: 2.14.3
2.13.4
> XML External Entity (XXE) injection in XmlConverter
> ---------------------------------------------------
>
> Key: CAMEL-8311
> URL: https://issues.apache.org/jira/browse/CAMEL-8311
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.13.3, 2.14.1
> Reporter: Stephan Siano
> Assignee: Claus Ibsen
> Fix For: 2.13.4, 2.14.3, 2.15.0
>
> Attachments: 0001-CAMEL-8311-XXE-vulnerability-in-XmlConverter-SAXSour.patch
>
>
> The XMLConverter will allow XMLExternalEntity (XXE) injection when converting XML Documents for SAXSource.
> DOM and StAX parsing is not affected as the respective feature is already set for those type converters (but not for the SAXSource conversion).
> See the unit test contained in the patch for details
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)