Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-659

RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part III: Fastinfoset

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.3.3.Final
    • 2.3.2.Final
    • jaxrs
    • None
    • Medium

    Description

      For description, see RESTEASY-637 and RESTEASY-647. I fixed the problem for org.w3c.dom.Document inputs and JAXB XML inputs, but not for fastinfoset representation.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-668 RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part IV: Jettison

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-669 RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part III: Fastinfoset

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-647 RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part II

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              rsigal@redhat.com Ronald Sigal
              adkathuria_jira anuj kathuria (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: