XXE Vulnerability in XLIFF2 Library

From Okapi Framework
Revision as of 18:15, 23 March 2020 by Okapifra (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

An XXE vulnerability exists in the XLIFF2 Library prior in version 1.1.10 and prior versions.

The vulnerability is caused by the lack of security flags preventing before using the validate function on the schemaFactory object.

The problem has been resolved in version 1.1.11. In addition, as the library main component has been moved to the Okapi main project, the fix has been also applied in that code in version 1.39.0.

Retrieved from "http://okapiframework.org/wiki/index.php?title=XXE_Vulnerability_in_XLIFF2_Library&oldid=832"