You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2017/01/04 20:43:58 UTC

[jira] [Created] (HBASE-17424) Protect REST client against malicious XML responses.

Josh Elser created HBASE-17424:
----------------------------------

             Summary: Protect REST client against malicious XML responses.
                 Key: HBASE-17424
                 URL: https://issues.apache.org/jira/browse/HBASE-17424
             Project: HBase
          Issue Type: Bug
          Components: REST
            Reporter: Josh Elser
            Assignee: Josh Elser
             Fix For: 2.0.0, 1.3.0, 1.4.0, 1.2.5, 1.1.9


If, by some means, an unsuspecting REST server client would get a malformed response from the REST server, it could result in the client performing some unintended action from the XML parsing.

We should disable these extra options on the XML parser to prevent the possibility.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)