XXE Vulnerability in XLIFF2 Library
Jump to navigation
Jump to search
An XXE vulnerability exists in the XLIFF2 Library prior in version 1.1.10 and prior versions.
The vulnerability is caused by the lack of security flags preventing before using the validate function on the schemaFactory
object.
The problem has been resolved in version 1.1.11. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.0.