Описание
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libxml2 | not-affected | package |
Примечания
https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
Introduced with: https://gitlab.gnome.org/GNOME/libxml2/-/commit/481d79d44cf8ed864ed3d74edbeb96e8cd9ed4a7 (v2.11.0)
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/de28e6ed3a7f18d3188dd18ac5b854b21e05d33a (v2.13.3)
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c2b237174539db92f4504fbc5198d2f1561baca (v2.12.9)
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 (v2.11.9)
Связанные уязвимости
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
