Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-8312

XML External Entity (XXE) issue in XPath

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.13.3, 2.14.1
    • 2.13.4, 2.14.2, 2.15.0
    • camel-core
    • None
    • Patch Available
    • Unknown

    Description

      If the documentType of an XPath expression is set to a class for that no type converter exists and the data to which the expression is applied is of type WrappedFile or String the XPath will seem to work anyway. However this setup will create issues by using an InputSource created from the String or Generic file.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. CAMEL-8311 XML External Entity (XXE) issue in XmlConverter

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              davsclaus Claus Ibsen
              siano Stephan Siano
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: