oss-sec mailing list archives
Re: CVE Request: XXE vulnerability in Restlet
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 29 May 2012 21:20:22 +0200
> Please use CVE-2012-2656 for this issue.

Thanks!

> Also is there a specific source file/etc that contains the fix?

The changelog refers to this change:
https://github.com/restlet/restlet-framework-java/commit/115c17c1f9aab4bd431ae44a36741b86be4c5f53

However, this one (safer default values for options like "secureProcessing" and "expandingEntityRefs") seems much more relevant:
https://github.com/restlet/restlet-framework-java/commit/ec692bd3b5e386261413210191b179fec22b6cd2

By the way, credits are wrong (I'm the original reporter) and should be fixed soon.

Nicolas