New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Injection in XSLT parser : switch to secure mode #209

Closed
nricheton opened this Issue Oct 19, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@nricheton
Copy link
Member

nricheton commented Oct 19, 2018

ESIGate supports esi:include tag along with the stylesheet attribute. This attribute can be a remote XSLT. This feature can allow an attacker to execute code on the remote server.

We have to switch the XSLT parser to secure mode in order to prevent execution of malicious commands inserted in stylesheets.

This bug was found by Benoit Côté-Jodoin and reported by Philippe Arteau from GoSecure

@nricheton nricheton added the bug label Oct 19, 2018

@nricheton nricheton added this to the 5.3 milestone Oct 19, 2018

@nricheton nricheton self-assigned this Oct 19, 2018

@nricheton

This comment has been minimized.

Copy link
Member

nricheton commented Oct 19, 2018

Fixed in 5.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment