Arno Hofmann created XERCESC-2178:
-------------------------------------
Summary: Missing XML Validation (Veracode)
Key: XERCESC-2178
URL: https://issues.apache.org/jira/browse/XERCESC-2178
Project: Xerces-C++
Issue Type: Bug
Components: Non-Validating Parser
Affects Versions: 2.8.0
Environment: AbstractDOMParser - Line 108.
Reporter: Arno Hofmann
Attachments: AbstractDOMParser.PNG, AbstractDOMParser2.PNG
Veracode flaw:
By explicitly disabling XML validation, the application is making an assumption
that the data provided will conform to the expected format. This can be
dangerous if the parser does not properly handle malformed data.
Recommendations:
Validate all XML data against a DTD schema to prevent an attacker from
providing malicious or otherwise unexpected input.