CVE-2021-23926: [XMLBEANS-517] Use safe XML parsers

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

Details

  • Type: Improvement

  • Status: Resolved

  • Priority: Major

  • Resolution: Fixed

  • Affects Version/s: None

  • Fix Version/s: Version 3.0.0

  • Component/s: DOM

  • Labels: None

Description

Use XML parsers that enable security controls.

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet

Issue Links

is cloned by

XMLBEANS-518 Support new XmlOptions to control XML parser settings (Improvement, Major, Resolved)

People

Assignee: PJ Fanning (pj.fanning)

Reporter: PJ Fanning (pj.fanning)

Votes: 0

Watchers: 2

Dates

Created: 10/Jun/18 11:58

Updated: 18/Aug/18 14:45

Resolved: 10/Jun/18 11:59
