Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-659

RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part III: Fastinfoset

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.3.2.Final
    • Fix Version/s: 2.3.3.Final
    • Component/s: jaxrs
    • Labels:
      None
    • Environment:

      ALL

    • Estimated Difficulty:
      Medium

      Description

      For description, see RESTEASY-637 and RESTEASY-647. I fixed the problem for org.w3c.dom.Document inputs and JAXB XML inputs, but not for fastinfoset representation.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ron_sigal Ron Sigal
                  Reporter:
                  adkathuria anuj kathuria
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: