itplr-kosit / validator

Validates XML documents with XML Schema and Schematron
Apache License 2.0

XXE vulnerability when reading xml documents with Saxon #44

Closed apenski closed 4 years ago

apenski commented 4 years ago

Validator 1.1.x is vulnerable to XXE attacks since reading files with Saxon is not properly secured.

apenski commented 4 years ago

Fixed in 1.1.3.

rkottmann commented 4 years ago

Thanks to Landeshauptstadt München IT@M for reporting.
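
Added example, not part of this issue thread and not the validator project's code (the thread does not show what the 1.1.3 fix changed): one common way to secure XML reading with Saxon is to hand its s9api `DocumentBuilder` a `SAXSource` backed by a parser that rejects DOCTYPE declarations and external entities. It assumes Saxon-HE on the classpath and the JDK's Xerces-based SAX parser; the class name `HardenedSaxonRead` and both sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import net.sf.saxon.s9api.Processor;
import net.sf.saxon.s9api.XdmNode;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

// Hypothetical class name; illustrates a hardened read path for Saxon.
public class HardenedSaxonRead {

    // Build an XMLReader that refuses DOCTYPE declarations and never resolves
    // external entities or DTDs (feature URIs as understood by Xerces-based parsers).
    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return f.newSAXParser().getXMLReader();
    }

    // Give Saxon a SAXSource that carries the hardened reader, so Saxon does not
    // fall back to a default-configured parser for this document.
    static XdmNode read(Processor processor, String xml) throws Exception {
        SAXSource source = new SAXSource(hardenedReader(), new InputSource(new StringReader(xml)));
        return processor.newDocumentBuilder().build(source);
    }

    public static void main(String[] args) throws Exception {
        Processor processor = new Processor(false); // false = no licensed features needed
        // Constructed sample input: an ordinary document and one declaring an external entity.
        String plain = "<invoice><id>42</id></invoice>";
        String withDoctype =
            "<!DOCTYPE invoice [<!ENTITY e SYSTEM \"file:///constructed-placeholder\">]>"
            + "<invoice><id>&e;</id></invoice>";

        System.out.println("plain document read, text content: " + read(processor, plain).getStringValue());
        try {
            read(processor, withDoctype);
            System.out.println("DOCTYPE document was accepted: the reader is not hardened");
        } catch (Exception e) {
            // The parser fails at the DOCTYPE declaration, before any entity is resolved.
            System.out.println("DOCTYPE document rejected: " + e.getMessage());
        }
    }
}
```

Rejecting DOCTYPE outright is the strictest setting; if the documents being validated legitimately carry a DOCTYPE, drop that one feature and keep the three external-entity and external-DTD settings.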