Fix xxe injection vulnerability #3808

Merged
merged 1 commit into from Aug 31, 2021

haby0 (Contributor) commented Aug 31, 2021

The Validator class is not used correctly, resulting in an XXE injection vulnerability.

Fix xxe injection vulnerability

kie-ci (Contributor) commented Aug 31, 2021

Can one of the admins verify this patch?

8 similar comments

haby0 (Contributor Author) commented Aug 31, 2021

The new PR uses constants. @mariofusco
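
The two comments above mention a misused `Validator` and a fix that uses constants. As an added example (not the code from this pull request or from Drools), this is a `javax.xml.validation.Validator` with external DTD and schema access disabled through the `XMLConstants` property names. The class name, sample schema and sample document are constructed for illustration, and the properties assume the JDK's built-in JAXP implementation.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class HardenedValidatorExample {
    // Constructed sample schema: one <note> element holding a string.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='note' type='xs:string'/></xs:schema>";

    // Constructed sample input whose DOCTYPE declares an external entity
    // (placeholder path, nothing is expected to exist there).
    static final String UNTRUSTED_XML =
        "<!DOCTYPE note [<!ENTITY ext SYSTEM 'file:///placeholder/does-not-exist'>]>"
      + "<note>&ext;</note>";

    static Validator newHardenedValidator() throws SAXException {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // An empty protocol list denies every external DTD and schema fetch
        // while the schema itself is being compiled.
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        Schema schema = factory.newSchema(new StreamSource(new StringReader(XSD)));

        // Set the restrictions on the Validator as well: it is the component
        // that parses the untrusted instance document. A third-party JAXP
        // implementation on the classpath may not recognise these properties
        // and throws SAXNotRecognizedException (a SAXException) here.
        Validator validator = schema.newValidator();
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return validator;
    }

    public static void main(String[] args) throws Exception {
        Validator validator = newHardenedValidator();
        try {
            validator.validate(new StreamSource(new StringReader(UNTRUSTED_XML)));
            System.out.println("accepted");
        } catch (SAXException e) {
            // Reached when the parser refuses the external entity reference.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```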

haby0 (Contributor Author) commented Aug 31, 2021

@mariofusco Hello, can you create a Security Advisory? I want to try to apply for a CVE, thank you.

Reference: https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories

mareknovotny (Member)

ok to test

sonarcloud bot commented Aug 31, 2021

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information

mariofusco merged commit 42e2964 into kiegroup:main Aug 31, 2021
5 of 8 checks passed

haby0 (Contributor Author) commented Sep 1, 2021

haby0 deleted the patch-1 branch September 1, 2021 01:34
mariofusco added a commit that referenced this pull request Sep 1, 2021

haby0 (Contributor Author) commented Oct 27, 2021

kiegroup/drools has new high-risk vulnerabilities.

mareknovotny (Member)

@haby0 could you please report it (what the vulnerability is) to the email address secalert@redhat.com or directly to me (mnovotny at redhat.com)?

tarilabs pushed a commit to tarilabs/drools that referenced this pull request Aug 31, 2022
* make Drools uber-jar friendly

* Update doc-content/drools-docs/src/main/asciidoc/ReleaseNotes/ReleaseNotesDrools.7.58.0.Final/uberjar-friendly-kie-conf.adoc

Co-authored-by: Heena Manwani <59050394+hmanwani-rh@users.noreply.github.com>

* wip

* wip

Co-authored-by: Heena Manwani <59050394+hmanwani-rh@users.noreply.github.com>
tarilabs pushed a commit that referenced this pull request Sep 5, 2022