[ https://issues.apache.org/jira/browse/LOG4NET-575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16161981#comment-16161981 ]
karthik kumar balasundaram commented on LOG4NET-575:
----------------------------------------------------
Sure Dominik,
Yes, I would like to send an email. Please provide the forum details and I will
send the email.
Regards,
Karthik Balasundaram
> log4net function having XXE vulnerability
> ------------------------------------------
>
> Key: LOG4NET-575
> URL: https://issues.apache.org/jira/browse/LOG4NET-575
> Project: Log4net
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.0.7, 2.0.8
> Environment: Windows 7, C#, nuget, .NET 4.5 and Visual Studio 2012.
> Reporter: karthik kumar balasundaram
> Labels: patch
> Fix For: 2.0.7, 2.0.8
>
> Attachments: veracode_report.jpg
>
>
> Recently we ran Veracode (security tool) for our application. Veracode gave
> us the report that log4net function 'void
> InternalConfigure(Repository.ILoggerRepository, System.IO.Stream)' has an
> Improper Restriction of XML External Entity Reference (XXE) error. We are
> seeing this vulnerability in both 2.0.7 and 2.0.8 versions.
> Attached screenshot for further reference.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)