Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XXE Vulnerability #903

Closed
itsacoderepo opened this issue Jan 4, 2019 · 2 comments
Closed

XXE Vulnerability #903

itsacoderepo opened this issue Jan 4, 2019 · 2 comments

Comments

@itsacoderepo
Copy link

Hello,

i have tested the fix for the XXE vulnerability of the issue 889.

Unfortunately, the vulnerability is still present in version 3.3.0, see the image below.

image

Additional information on how to prevent such kind of issues can be found on https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet.

Thank you and best regards
@binarywang
Copy link
Member

Thank you for your information, we will check it, and fix it if necessary.

binarywang added a commit that referenced this issue Jan 10, 2019
@binarywang
#903 disable DOCTYPE to fix XXE Vulnerability
8ec61d1
@binarywang
Copy link
Member

The new test version of 3.3.2.B has fixed this.

Closed
@q5438722 q5438722 mentioned this issue Dec 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@binarywang @itsacoderepo