XXE Vulnerability in XLIFF2 Library: Difference between revisions
Jump to navigation
Jump to search
(Created page with "An XXE vulnerability exists in the XLIFF2 Library prior version 1.9. The vulnerability is caused by the lack of security flags preventing before using the validate function o...") |
No edit summary |
||
Line 1: | Line 1: | ||
An XXE vulnerability exists in the XLIFF2 Library prior version 1. | An XXE vulnerability exists in the XLIFF2 Library prior in version 1.1.10 and prior versions. | ||
The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object. | The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object. | ||
The problem has been resolved in version 1. | The problem has been resolved in version 1.1.11. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.0. | ||
[[Category:XLIFF]] | [[Category:XLIFF]] |
Latest revision as of 18:15, 23 March 2020
An XXE vulnerability exists in the XLIFF2 Library prior in version 1.1.10 and prior versions.
The vulnerability is caused by the lack of security flags preventing before using the validate function on the schemaFactory
object.
The problem has been resolved in version 1.1.11. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.0.