RESTEasy / RESTEASY-662

RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part II

    • Bug
    • Resolution: Done
    • Critical
    • 3.0.4.Final
    • None
    • jaxrs
    • None
    • Medium

      For description, see RESTEASY-637. I fixed the problem for org.w3c.dom.Document inputs, but not for JAXB XML inputs.

      This is a clone of RESTEASY-647 for fix version 3.0-alpha-1.

      Since RESTEasy 3 is a major release, we can change the default to the safer behavior of not expanding external entities.

            rsigal@redhat.com Ronald Sigal
            adkathuria_jira anuj kathuria (Inactive)