Karaf / KARAF-4209

Weak XML Schema: Unbounded Occurrences

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version: 4.0.3
    • None
    • None
    • None

    Description

      HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the Karaf source code.

      Setting a maxOccurs value to unbounded can lead to resource exhaustion and ultimately a denial of service.

      File: features/core/src/main/resources/org/apache/karaf/features/karaf-features-1.0.0.xsd
      Line: 64

      karaf-features-1.0.0.xsd, lines 64-77:
      64 <xs:choice minOccurs="0" maxOccurs="unbounded">
      65     <xs:element name="details" minOccurs="0" type="xs:string">
      66         <xs:annotation>
      67             <xs:documentation><![CDATA[
      68                 The help text shown for this feature when using the feature:info console command.
      69             ]]>
      70             </xs:documentation>
      71         </xs:annotation>
      72     </xs:element>
      73     <xs:element name="config" type="tns:config" />
      74     <xs:element name="configfile" type="tns:configFile" />
      75     <xs:element name="feature" type="tns:dependency" />
      76     <xs:element name="bundle" type="tns:bundle" />
      77 </xs:choice>
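
A schema audit along the lines of the finding above, as an added example (not part of the original issue and not Karaf's or Fortify's code): it walks an XSD with expat and reports every particle declared with maxOccurs="unbounded", with its line number and location. The sample schema is constructed from the quoted excerpt; the wrapping complexType and the tns namespace URI are assumptions.

```python
import xml.parsers.expat

XS = "http://www.w3.org/2001/XMLSchema"

# Constructed sample: the choice group from the report, wrapped in a minimal
# schema/complexType so it is well-formed (wrapper and tns URI are assumptions).
SAMPLE_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:tns="urn:example:features">
  <xs:complexType name="feature">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element name="details" minOccurs="0" type="xs:string"/>
      <xs:element name="config" type="tns:config"/>
      <xs:element name="configfile" type="tns:configFile"/>
      <xs:element name="feature" type="tns:dependency"/>
      <xs:element name="bundle" type="tns:bundle"/>
    </xs:choice>
    <xs:attribute name="name" type="xs:string"/>
  </xs:complexType>
</xs:schema>
"""

# Schema components that accept a maxOccurs attribute.
PARTICLES = {"element", "choice", "sequence", "all", "group", "any"}

def find_unbounded(xsd_text):
    """Return (line, path, particle) for each particle with maxOccurs="unbounded"."""
    findings, stack = [], []
    # With a namespace separator, expat reports tags as "<uri> <localname>".
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def start(tag, attrs):
        ns, _, local = tag.rpartition(" ")
        stack.append(local + (f"[{attrs['name']}]" if "name" in attrs else ""))
        if ns == XS and local in PARTICLES and attrs.get("maxOccurs") == "unbounded":
            findings.append((parser.CurrentLineNumber, "/".join(stack), local))

    def end(tag):
        stack.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xsd_text, True)
    return findings

if __name__ == "__main__":
    for line, path, kind in find_unbounded(SAMPLE_XSD):
        print(f'line {line}: xs:{kind} at {path} has maxOccurs="unbounded"')
```
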

          People

            Assignee: Unassigned
            Reporter: Eduardo Aguinaga (EdAInWestOC)
            Votes: 0
            Watchers: 2
