[ https://issues.apache.org/jira/browse/JUDDI-987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358615#comment-16358615 ]
ASF subversion and git services commented on JUDDI-987:
-------------------------------------------------------

Commit 442fb55723cf1af1490395b2b005e787026801b3 in juddi's branch refs/heads/master from [~spyhunter99]
[ https://git-wip-us.apache.org/repos/asf?p=juddi.git;h=442fb55 ]

JUDDI-987 adding security advisory

> CVE-2018-1307 XML Entity Expansion
> ----------------------------------
>
>                 Key: JUDDI-987
>                 URL: https://issues.apache.org/jira/browse/JUDDI-987
>             Project: jUDDI
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
>            Reporter: Alex O'Ree
>            Assignee: Alex O'Ree
>            Priority: Major
>             Fix For: 3.3.5
>
>
> CVEID CVE-2018-1307
>
> VERSION: 3.2 through 3.3.4
>
> PROBLEMTYPE: XML Entity Expansion
>
> REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
>
> DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local
> or remote XML document and then mediate the data structures into UDDI data
> structures, there are few protections present against entity expansion and
> DTD type of attacks. This was fixed with
> https://issues.apache.org/jira/browse/JUDDI-987
>
> Severity: Moderate
>
> Mitigation:
>
> Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue
> use of the affected classes.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)