Commit
Configure SAXParserFactory to avoid XXE references
#KT-51519 Fixed
Showing 2 changed files with 10 additions and 2 deletions.
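The diff itself is not rendered on this page, so the following is an added illustration of the kind of hardening the commit title describes, not the project's own code: a `SAXParserFactory` configured with the standard JAXP feature URIs so that DOCTYPE declarations, external general and parameter entities, external DTD loading and XInclude are all switched off, which is what removes the XXE surface. The class name `SafeSaxParser`, the helper names `hardenedFactory` and `parses`, and the two sample documents are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

// Illustrative hardening of SAXParserFactory against XXE (example code, not the commit's diff).
public final class SafeSaxParser {

    // Returns a factory whose parsers refuse DOCTYPEs and never fetch external entities or DTDs.
    public static SAXParserFactory hardenedFactory() throws ParserConfigurationException, SAXException {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        // Strongest single setting: reject any DOCTYPE declaration when DTDs are not needed.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that only partially honour the DOCTYPE feature.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // XInclude can pull in other documents by URI, so keep it off as well.
        factory.setXIncludeAware(false);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return factory;
    }

    // Parses the document with the hardened factory; false means the parser rejected it.
    public static boolean parses(String xml) throws Exception {
        SAXParser parser = hardenedFactory().newSAXParser();
        try {
            parser.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)), new DefaultHandler());
            return true;
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a plain document and one carrying a DOCTYPE with an internal entity.
        String plain = "<root><child>ok</child></root>";
        String withDoctype = "<!DOCTYPE root [<!ENTITY e \"expanded\">]><root>&e;</root>";
        System.out.println("plain document accepted: " + parses(plain));
        System.out.println("DOCTYPE document accepted: " + parses(withDoctype));
    }
}
```

With the DOCTYPE feature enabled the second document is rejected before any entity is resolved, which is the behaviour to check for when reviewing a fix like this one: the check belongs on the factory, not on individual parse calls, so that every parser the code base creates inherits it.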
9c78d57
@udalov - I believe that we initially received this report here:
https://www.huntr.dev/bounties/e9b2b1dd-ab65-48e2-8042-b53253649961
Can you confirm that this has been addressed via this commit SHA?
@JamieSlome I don't have an account at that website so I can't confirm. But if it's the same problem as reported in https://youtrack.jetbrains.com/issue/KT-51519, then yes.
@udalov I gave access to you for KT-51519, can you please confirm that this fixes the issue reported in huntr using the comments in the report KT-51519:
"I originally reported this in huntr https://www.huntr.dev/bounties/e9b2b1dd-ab65-48e2-8042-b53253649961/"
@udalov - I cannot get access to KT-51519, would you be able to e-mail me at jamie@418sec.com with the details of the issue, or perhaps I can share the details of the report we have received, and we can confirm whether the two reports are the same?
@JamieSlome I guess it is the same issue, because the huntr link you've provided matches with the link originally reported by @ready-research in KT-51519 (which is now indeed private).
@udalov - we would just be eager to compare if possible, just so we can check the report has been validated/approved by your team.
Could I send you the details via e-mail received in our report, just in case our reports don't match up? Don't want to share a potential vulnerability that may not have been addressed by your team. Let me know what works for you 👍
OK, I've sent you an email.
Appreciate it @udalov 👍