Stephan Siano created CAMEL-8311: ------------------------------------ Summary: XML External Entity (XXE) injection in XmlConverter Key: CAMEL-8311 URL: https://issues.apache.org/jira/browse/CAMEL-8311 Project: Camel Issue Type: Bug Components: camel-core Affects Versions: 2.14.1, 2.13.3 Reporter: Stephan Siano
The XMLConverter will allow XMLExternalEntity (XXE) injection when converting XML Documents for SAXSource. DOM and StAX parsing is not affected as the respective feature is already set for those type converters (but not for the SAXSource conversion). See the unit test contained in the patch for details -- This message was sent by Atlassian JIRA (v6.3.4#6332)