Difference between revisions of "XXE Vulnerability in XLIFF2 Library"

From Okapi Framework
Jump to navigation Jump to search
(Created page with "An XXE vulnerability exists in the XLIFF2 Library prior version 1.9. The vulnerability is caused by the lack of security flags preventing before using the validate function o...")
(No difference)

Revision as of 18:11, 23 March 2020

An XXE vulnerability exists in the XLIFF2 Library prior version 1.9.

The vulnerability is caused by the lack of security flags preventing before using the validate function on the schemaFactory object.

The problem has been resolved in version 1.9. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.