Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-1130

CVE-2014-7839 External entities expanded by DocumentProvider

    XMLWordPrintable

    Details

      Description

      org.jboss.resteasy.plugins.providers.DocumentProvider does not correctly set external entity features for its internal DocumentBuilder instance.

      1. http://xml.org/sax/features/external-general-entities should be configured.
      2. http://xml.org/sax/features/external-parameter-entities should be configured.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                ron_sigal Ronald Sigal
                Reporter:
                ron_sigal Ronald Sigal
                Involved:
                Bill Burke, Katerina Odabasi, Pavel Polischouk, Weinan Li
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: