Do we still need the DMOZ parser?
On Sun, Jan 24, 2021 at 10:38 PM lewis john mcgibbney <[email protected]> wrote: > > Description: > > An XML external entity (XXE) injection vulnerability was discovered in the > Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external > entity injection (also known as XXE) is a web security vulnerability that > allows an attacker to interfere with an application's processing of XML data. > It often allows an attacker to view files on the application server > filesystem, and to interact with any back-end or external systems that the > application itself can access. > > > This issue is being tracked as NUTCH-2841 > > Credit: > > The Apache Nutch Project Management Committee would like to thank Martin > Heyden for reporting this issue to the Apache Security Team. We are indebted. > > > > -- > http://home.apache.org/~lewismc/ > http://people.apache.org/keys/committer/lewismc
