Security vulnerability to XML External Entity (XXE) attacks
See original GitHub issue

* JGraphT version: 1.3.0
* Java version (java -version)/platform: 1.8

Issue

JGraphT 1.3.0 has a dependency in https://github.com/jgrapht/jgrapht/blob/master/jgrapht-ext/pom.xml#L69 on the vulnerable jgraphx version 3.4.1.3. This vulnerability has been fixed since jgraphx version 3.7.6.

Steps to reproduce (small coding example)

Vulnerability details: https://nvd.nist.gov/vuln/detail/CVE-2017-18197

Expected behaviour

No vulnerability exists.

Other information
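As an added example (not code from the JGraphT project or from the issue author), the script below audits a Maven pom.xml for a jgraphx dependency older than the 3.7.6 fix version the report names, resolving `${property}` references the way the real jgrapht-ext pom uses them. The pom fragment and its groupId are constructed placeholders, not the real jgrapht-ext/pom.xml. Because a build file never needs a DTD and an inline DOCTYPE is the entry point for external entities, the script refuses any pom that carries one before handing it to the XML parser.

```python
"""Audit a Maven pom.xml for a jgraphx dependency older than the version
that fixes CVE-2017-18197 (3.7.6 according to the issue report).

Added example; not JGraphT project code."""
import re
import xml.etree.ElementTree as ET

# Version in which the issue report says the XXE problem is fixed.
FIXED_JGRAPHX_VERSION = "3.7.6"

# Constructed sample pom (NOT the real jgrapht-ext/pom.xml); the groupId
# is a placeholder.  It pins jgraphx through a property, as real poms do.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <artifactId>example-ext</artifactId>
  <properties>
    <jgraphx.version>3.4.1.3</jgraphx.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>example.placeholder</groupId>
      <artifactId>jgraphx</artifactId>
      <version>${jgraphx.version}</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
    </dependency>
  </dependencies>
</project>
"""

# Maven poms live in this namespace; ElementTree needs it for every path.
NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def has_doctype(pom_text):
    """True if the document declares a DTD.  A pom never needs one, and an
    inline DTD is where external entity declarations would be placed, so
    the auditor rejects such files outright."""
    return "<!DOCTYPE" in pom_text


def parse_version(version):
    """Turn '3.4.1.3' into a comparable tuple of ints.
    Non-numeric components (e.g. 'SNAPSHOT') compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def resolve(value, props):
    """Expand ${property} references using the pom's <properties> block.
    Unknown properties are left untouched so they show up in the output."""
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: props.get(m.group(1), m.group(0)), value)


def check_pom(pom_text, fixed_version=FIXED_JGRAPHX_VERSION):
    """Return [(artifactId, resolved version, vulnerable)] for each jgraphx
    dependency.  'vulnerable' is None when no version is declared locally
    (e.g. it is inherited from a parent's dependencyManagement)."""
    if has_doctype(pom_text):
        raise ValueError("DOCTYPE declarations are not accepted in pom.xml")
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        if artifact != "jgraphx":
            continue
        raw = dep.findtext("m:version", default="", namespaces=NS).strip()
        version = resolve(raw, props)
        vulnerable = (parse_version(version) < parse_version(fixed_version)
                      if version else None)
        findings.append((artifact, version, vulnerable))
    return findings


if __name__ == "__main__":
    for artifact, version, vulnerable in check_pom(SAMPLE_POM):
        status = {True: "VULNERABLE (< %s)" % FIXED_JGRAPHX_VERSION,
                  False: "ok", None: "version not declared here"}[vulnerable]
        print("%s %s: %s" % (artifact, version or "?", status))
```

Run against a real pom by reading the file into `check_pom`; for a multi-module build, a version managed in a parent pom is reported as "not declared here", which is the cue to audit the parent (or `mvn dependency:tree`) rather than conclude the module is clean.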
Issue Analytics

- State: (not recorded)
- Created: 4 years ago
- Comments: 6 (2 by maintainers)
I’ve opened PR #774 to address this. What could possibly go wrong with using something from a guy who works for a company named Netcracker? 😃
But seriously, his GitHub repo looks good, and he works on other projects (such as Calcite) that I’m familiar with. I’ll leave it for whoever merges this to give it the final blessing.
Any chance this could be resolved in the near future?