Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Injection in XSLT parser : switch to secure mode #209

Closed
nricheton opened this issue Oct 19, 2018 · 1 comment
Closed

Injection in XSLT parser : switch to secure mode #209

nricheton opened this issue Oct 19, 2018 · 1 comment
Assignees
@nricheton
Labels
bug security
Milestone
5.3

Comments

@nricheton
Copy link
Member

ESIGate supports esi:include tag along with the stylesheet attribute. This attribute can be a remote XSLT. This feature can allow an attacker to execute code on the remote server.

We have to switch the XSLT parser to secure mode in order to prevent execution of malicious commands inserted in stylesheets.

This bug was found by Benoit Côté-Jodoin and reported by Philippe Arteau from GoSecure
@nricheton nricheton added the bug label Oct 19, 2018
@nricheton nricheton added this to the 5.3 milestone Oct 19, 2018
@nricheton nricheton self-assigned this Oct 19, 2018
@nricheton
Copy link
Member Author

Fixed in 5.3

@nricheton nricheton mentioned this issue Oct 19, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nricheton nricheton

Labels
bug security
Projects
None yet
Milestone
5.3
Development

No branches or pull requests
1 participant
@nricheton