http://okapiframework.org/wiki/index.php?action=history&feed=atom&title=XXE_Vulnerability_in_XLIFF2_LibraryXXE Vulnerability in XLIFF2 Library - Revision history2026-05-12T10:11:09ZRevision history for this page on the wikiMediaWiki 1.38.2http://okapiframework.org/wiki/index.php?title=XXE_Vulnerability_in_XLIFF2_Library&diff=832&oldid=prevOkapifra at 22:15, 23 March 20202020-03-23T22:15:08Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 18:15, 23 March 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>An XXE vulnerability exists in the XLIFF2 Library prior version 1.<del style="font-weight: bold; text-decoration: none;">9</del>.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>An XXE vulnerability exists in the XLIFF2 Library prior <ins style="font-weight: bold; text-decoration: none;">in </ins>version 1.<ins style="font-weight: bold; text-decoration: none;">1.10 and prior versions</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The problem has been resolved in version 1.<del style="font-weight: bold; text-decoration: none;">9</del>. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The problem has been resolved in version 1.<ins style="font-weight: bold; text-decoration: none;">1.11</ins>. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39<ins style="font-weight: bold; text-decoration: none;">.0</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:XLIFF]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:XLIFF]]</div></td></tr>
</table>Okapifrahttp://okapiframework.org/wiki/index.php?title=XXE_Vulnerability_in_XLIFF2_Library&diff=831&oldid=prevOkapifra: Created page with "An XXE vulnerability exists in the XLIFF2 Library prior version 1.9. The vulnerability is caused by the lack of security flags preventing before using the validate function o..."2020-03-23T22:11:30Z<p>Created page with "An XXE vulnerability exists in the XLIFF2 Library prior version 1.9. The vulnerability is caused by the lack of security flags preventing before using the validate function o..."</p>
<p><b>New page</b></p><div>An XXE vulnerability exists in the XLIFF2 Library prior version 1.9.<br />
<br />
The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object.<br />
<br />
The problem has been resolved in version 1.9. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.<br />
<br />
[[Category:XLIFF]]</div>Okapifra