XXE Vulnerability in XLIFF2 Library: Difference between revisions

From Okapi Framework
(Created page with "An XXE vulnerability exists in the XLIFF2 Library prior version 1.9. The vulnerability is caused by the lack of security flags preventing before using the validate function o...")
 
No edit summary
 
Line 1: Line 1:
An XXE vulnerability exists in the XLIFF2 Library prior version 1.9.
An XXE vulnerability exists in the XLIFF2 Library prior in version 1.1.10 and prior versions.


The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object.
The vulnerability is caused by the lack of security flags preventing before using the validate function on the <code>schemaFactory</code> object.


The problem has been resolved in version 1.9. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.
The problem has been resolved in version 1.1.11. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.0.


[[Category:XLIFF]]
[[Category:XLIFF]]
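Review bot: the revised opening sentence reads "prior in version 1.1.10 and prior versions"; the first "prior" is left over from the old wording and should be dropped, giving "in version 1.1.10 and prior versions". The cause sentence is carried over unchanged and still reads "security flags preventing before using the validate function", with no object for "preventing"; it is worth completing in the same revision that corrects the version numbers.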

Latest revision as of 18:15, 23 March 2020

An XXE vulnerability exists in the XLIFF2 Library in version 1.1.10 and prior versions.

The vulnerability is caused by security flags not being set before the validate function is used on the schemaFactory object.

The problem has been resolved in version 1.1.11. In addition, because the library's main component has been moved to the main Okapi project, the fix has also been applied to that code in version 1.39.0.