[
https://issues.apache.org/jira/browse/CAMEL-8311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303149#comment-14303149
]
Stephan Siano edited comment on CAMEL-8311 at 2/3/15 12:02 PM:
---------------------------------------------------------------
I just saw that the XsltDTDTest was failing. However I don't see that it is an
error if the runtime reacts in the same way with allowStax=false as with
allowStax=true. Therefore I have changed the test.
was (Author: siano):
I just saw that the XsltDTDTest was failing. However I don't see that it is an
error of the runtime reacts in the same way with allowStax=false as with
allowStax=true. Therefore I have changed the test.
> XML External Entity (XXE) injection in XmlConverter
> ---------------------------------------------------
>
> Key: CAMEL-8311
> URL: https://issues.apache.org/jira/browse/CAMEL-8311
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 2.13.3, 2.14.1
> Reporter: Stephan Siano
> Attachments:
> 0001-CAMEL-8311-XXE-vulnerability-in-XmlConverter-SAXSour.patch
>
>
> The XMLConverter will allow XMLExternalEntity (XXE) injection when converting
> XML Documents for SAXSource.
> DOM and StAX parsing is not affected as the respective feature is already set
> for those type converters (but not for the SAXSource conversion).
> See the unit test contained in the patch for details
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
