Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Take care of XXE (Xml eXternal Entity) Attack #126

Closed
pitbulk opened this issue Apr 29, 2014 · 1 comment
Closed

Take care of XXE (Xml eXternal Entity) Attack #126

pitbulk opened this issue Apr 29, 2014 · 1 comment
Assignees
@pitbulk

Comments

@pitbulk
Copy link
Collaborator

pitbulk commented Apr 29, 2014

XXE attacks: https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing

The ruby-saml uses Nokogiri at lib/xml_security.rb , 74

Read about this Nokogiri vulnerability issue:
sparklemotion/nokogiri#693
@pitbulk
Copy link
Collaborator Author

pitbulk commented Sep 9, 2014

Related to #125 . Also review this article:
http://www.wireharbor.com/hidden-security-risks-of-xml-parsing-xxe-attack/

@pitbulk pitbulk self-assigned this Oct 31, 2014
pitbulk added a commit that referenced this issue Dec 5, 2014
@pitbulk
Related to #125 and #126. Security issues: XXE Attacks
772b994
@pitbulk pitbulk closed this as completed Dec 5, 2014
@pitbulk pitbulk mentioned this issue Feb 4, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pitbulk pitbulk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pitbulk