[ https://issues.apache.org/jira/browse/CAMEL-8311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stephan Siano updated CAMEL-8311: --------------------------------- Attachment: 0001-CAMEL-8311-XXE-vulnerability-in-XmlConverter-SAXSour.patch > XML External Entity (XXE) injection in XmlConverter > --------------------------------------------------- > > Key: CAMEL-8311 > URL: https://issues.apache.org/jira/browse/CAMEL-8311 > Project: Camel > Issue Type: Bug > Components: camel-core > Affects Versions: 2.13.3, 2.14.1 > Reporter: Stephan Siano > Attachments: > 0001-CAMEL-8311-XXE-vulnerability-in-XmlConverter-SAXSour.patch > > > The XMLConverter will allow XMLExternalEntity (XXE) injection when converting > XML Documents for SAXSource. > DOM and StAX parsing is not affected as the respective feature is already set > for those type converters (but not for the SAXSource conversion). > See the unit test contained in the patch for details -- This message was sent by Atlassian JIRA (v6.3.4#6332)