Hey guys,
I tried reporting this directly to the vendor privately but they won't fix the issue unless an enterprise edition is purchased. I'm posting a GitHub issue so hopefully someone can provide a patch for the community edition.
Pentaho's XML parser does not disable the parsing of external entities, which is turned on by default. This is a problem because an attacker can upload a malicious XML file and read arbitrary files off the server and send the contents to a remote server.
An example of the vulnerability exists when importing a new Manage Data Sources > Import Metadata.