xxe vulnerabilities #486

Closed
QiAnXinCodeSafe opened this issue Dec 11, 2018 · 3 comments

@QiAnXinCodeSafe

Hello, I am a member of the 360 Code Guard team. In our open source project code audit, we found that Pippo has XXE vulnerabilities. Details are as follows.
pippo/pippo-content-type-parent/pippo-jaxb/src/main/java/ro/pippo/jaxb/JaxbEngine.java
Because the XML parser does not disable DTDs, XXE attacks can occur when content parameters are controlled by malicious attackers.

@decebals
Member

@360CodeSafe
Thanks! Do you have a solution? Can you create a PR?

@QiAnXinCodeSafe
Author

I'm sorry, I don't currently have git installed on my computer, but I can give you a fix.

@decebals
Member

decebals commented Dec 11, 2018

@360CodeSafe
The information supplied by you is enough for us to fix the problem. Thanks!
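
One way to close the gap this issue describes, shown as an added example (it is not Pippo's code and not the fix posted in the thread): unmarshal untrusted content through a StAX reader whose factory has DTD support switched off. The class `SafeJaxbDemo`, the `Person` type and the `fromString` helper are hypothetical names, and the example assumes `javax.xml.bind` is on the classpath (JDK 8, or the JAXB API and runtime as dependencies).

```java
import java.io.StringReader;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;

public class SafeJaxbDemo {

    // Hypothetical payload type, for illustration only.
    @XmlRootElement(name = "person")
    public static class Person {
        public String name;
    }

    // Unmarshal untrusted XML through a StAX reader that refuses DTDs,
    // instead of handing the raw string or stream to the Unmarshaller.
    static <T> T fromString(String content, Class<T> type) throws Exception {
        XMLInputFactory factory = XMLInputFactory.newFactory();
        // No DOCTYPE processing: entities cannot be declared by the sender.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Defense in depth: never resolve external entities.
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);

        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(content));
        try {
            Unmarshaller unmarshaller = JAXBContext.newInstance(type).createUnmarshaller();
            return unmarshaller.unmarshal(reader, type).getValue();
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs, not taken from the issue.
        String benign = "<person><name>alice</name></person>";
        String withDtd = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE person [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
                + "<person><name>&ext;</name></person>";

        System.out.println("benign name: " + fromString(benign, Person.class).name);
        try {
            Person p = fromString(withDtd, Person.class);
            System.out.println("DTD input parsed, name=" + p.name);
        } catch (Exception e) {
            // Expected on the JDK's StAX parser: entity is undeclared once DTDs are off.
            System.out.println("DTD input rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

A regression test for the engine can feed it the DOCTYPE-bearing input and assert that parsing fails or that the entity reference never expands.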
