[
https://issues.apache.org/jira/browse/CAMEL-8311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14304957#comment-14304957
]
Stephan Siano commented on CAMEL-8311:
--------------------------------------
I mixed up the patches a little. If you only apply this patch, you will get a
test error in camel-saxon. The fix for that accidentally run into the patch for
CAMEL-8312, however if you are ok with that I'd like to stop changing the
patches (tests will be fine if you apply the patch for CAMEL-8312 first).
> XML External Entity (XXE) injection in XmlConverter
> ---------------------------------------------------
>
> Key: CAMEL-8311
> URL: https://issues.apache.org/jira/browse/CAMEL-8311
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 2.13.3, 2.14.1
> Reporter: Stephan Siano
> Assignee: Willem Jiang
> Attachments:
> 0001-CAMEL-8311-XXE-vulnerability-in-XmlConverter-SAXSour.patch
>
>
> The XMLConverter will allow XMLExternalEntity (XXE) injection when converting
> XML Documents for SAXSource.
> DOM and StAX parsing is not affected as the respective feature is already set
> for those type converters (but not for the SAXSource conversion).
> See the unit test contained in the patch for details
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
