[ https://issues.apache.org/jira/browse/XERCESC-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor closed XERCESC-2178.
---------------------------------
> Missing XML Validation (Veracode)
> ---------------------------------
>
> Key: XERCESC-2178
> URL: https://issues.apache.org/jira/browse/XERCESC-2178
> Project: Xerces-C++
> Issue Type: Bug
> Components: Non-Validating Parser
> Affects Versions: 2.8.0
> Environment: AbstractDOMParser - Line 108.
> Reporter: cw_dev
> Priority: Major
> Labels: Veracode, abstractdomparser
> Attachments: AbstractDOMParser.PNG, AbstractDOMParser2.PNG
>
>
> Veracode flaw:
> By explicitly disabling XML validation, the application is making an
> assumption that the data provided will conform to the expected format. This
> can be dangerous if the parser does not properly handle malformed data.
> Recommendations:
> Validate all XML data against a DTD schema to prevent an attacker from
> providing malicious or otherwise unexpected input.