Stephan Siano created CAMEL-8311:
------------------------------------
Summary: XML External Entity (XXE) injection in XmlConverter
Key: CAMEL-8311
URL: https://issues.apache.org/jira/browse/CAMEL-8311
Project: Camel
Issue Type: Bug
Components: camel-core
Affects Versions: 2.14.1, 2.13.3
Reporter: Stephan Siano
The XMLConverter will allow XMLExternalEntity (XXE) injection when converting
XML Documents for SAXSource.
DOM and StAX parsing is not affected as the respective feature is already set
for those type converters (but not for the SAXSource conversion).
See the unit test contained in the patch for details
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
