An important note to make is that even if the file is loaded from a trusted source, it should reference only files that come from trusted sources. DTD statements may slip through in this consideration. Note further that "https://" is not a warranty for a trusted source; it only guarantees a secure transportation of information. The contents that are transported may be tampered with.

On Wed, 17 Jun 2020 at 17:13, Matt Sicker <boa...@gmail.com> wrote:

> It's not an issue if the config file is a trusted source. It's
> generally not a good idea to do that in the first place, either.
>
> On Wed, 17 Jun 2020 at 09:56, Venkamsetty, VenkataRao
> <venkatrao.venkamse...@honeywell.com.invalid> wrote:
> >
> > Why is this an issue if the configuration file is loaded from a trusted
> > source?
> >
> > On 2020/05/25 16:28:20, Suthish Nair <s...@gmail.com> wrote:
> > > Hi,
> > >
> > > Good Day!
> > >
> > > Is there any mitigation or vulnerability fix available for .NET Core
> > > frameworks?
> > >
> > > Please let me know.
> > >
> > > Regards
> > > Suthish
>
> --
> Matt Sicker <boa...@gmail.com>

--
Dominik Psenner
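
One way to enforce the point about DTD statements when reading an XML configuration file on .NET, as an added example that is not part of the original thread or of any project's code: the reader rejects any document type declaration and has no resolver, so a config file cannot pull in further content, whether over "https://" or otherwise. `ConfigLoader`, `LoadHardened` and both sample documents are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

static class ConfigLoader
{
    // Hypothetical helper: parse configuration XML with DTDs rejected
    // and external resource resolution switched off.
    public static XmlDocument LoadHardened(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE> raises XmlException
            XmlResolver = null                      // never fetch external resources
        };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            doc.Load(reader);
        }
        return doc;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: plain configuration without a DTD.
        string plain = "<configuration><level value=\"INFO\"/></configuration>";

        // Constructed sample: the same file, but a DTD references content
        // from another source. The https:// scheme does not make it trusted.
        string withDtd =
            "<!DOCTYPE configuration [" +
            "<!ENTITY ext SYSTEM \"https://config.example.invalid/fragment.xml\">]>" +
            "<configuration>&ext;</configuration>";

        Console.WriteLine("plain: loaded <" +
            ConfigLoader.LoadHardened(plain).DocumentElement.Name + ">");
        try
        {
            ConfigLoader.LoadHardened(withDtd);
            Console.WriteLine("with DTD: loaded (unexpected)");
        }
        catch (XmlException ex)
        {
            Console.WriteLine("with DTD: rejected, " + ex.Message);
        }
    }
}
```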