[
https://issues.apache.org/jira/browse/HDFS-16766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jing updated HDFS-16766:
------------------------
Summary: XML External Entity (XXE) attacks can occur while processing XML
received from an untrusted source (was: XML External Entity (XXE) attacks can
occur when an XML parser supports XML entities while processing XML received
from an untrusted source)
> XML External Entity (XXE) attacks can occur while processing XML received
> from an untrusted source
> --------------------------------------------------------------------------------------------------
>
> Key: HDFS-16766
> URL: https://issues.apache.org/jira/browse/HDFS-16766
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Reporter: Jing
> Priority: Major
>
> XML External Entity (XXE) attacks can occur when an XML parser supports XML
> entities while processing XML received from an untrusted source. The attack
> resides in XML input containing references to an external entity an is parsed
> by the weakly configured javax.xml.parsers.DocumentBuilder XML parser.
>
> https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/util/ECPolicyLoader.java#L93
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
