Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-647

RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part II

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 2.3.1
    • Fix Version/s: 2.3.2.Final
    • Component/s: jaxrs
    • Labels:
      None
    • Environment:

      ALL

    • Estimated Difficulty:
      Medium

      Description

      For description, see RESTEASY-637. I fixed the problem for org.w3c.dom.Document inputs, but not for JAXB XML inputs.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ron_sigal Ron Sigal
                  Reporter:
                  adkathuria anuj kathuria
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: