  1. Talend DI components
  2. TDI-48662

XML External Entity (XXE) in Talend/components (master)-calcite-core



    Description

      XML External Entity (XXE) in Talend/components (master)

      Issue Details

      • Vulnerability: XML External Entity (XXE)
      • Severity: High
      • Project: Talend/components
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      Calcite Core is vulnerable to XML external entity attacks. A remote attacker is able to read the contents of confidential files through the use of SQL functions such as `EXISTS_NODE`, `EXTRACT_XML`, `XML_TRANSFORM` or `EXTRACT_VALUE` due to insecure business logic in `XmlFunctions.java`.


          People

            pteyssier pierre teyssier
            wwang Wei Wang
            Pengyu Zhou, qiyan liu