Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-17424

Protect REST client against malicious XML responses.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.3.0, 1.2.5, 1.1.9, 2.0.0
    • REST
    • None

    Description

      If, by some means, an unsuspecting REST server client would get a malformed response from the REST server, it could result in the client performing some unintended action from the XML parsing.

      We should disable these extra options on the XML parser to prevent the possibility.

      Attachments

        1. HBASE-17424.001.patch
          6 kB
          Josh Elser
        2. HBASE-17424.002.patch
          6 kB
          Josh Elser

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-19020 TestXmlParsing exception checking relies on a particular xml implementation without declaring it.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              elserj Josh Elser
              elserj Josh Elser
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: