Jing created HDFS-16766:
---------------------------

Summary: XML External Entity (XXE) attacks can occur when an XML parser supports XML entities while processing XML received from an untrusted source
Key: HDFS-16766
URL: https://issues.apache.org/jira/browse/HDFS-16766
Project: Hadoop HDFS
Issue Type: Bug
Components: security
Reporter: Jing

XML External Entity (XXE) attacks can occur when an XML parser supports XML entities while processing XML received from an untrusted source. The attack resides in XML input containing references to an external entity and is parsed by the weakly configured javax.xml.parsers.DocumentBuilder XML parser.

https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/util/ECPolicyLoader.java#L93