Is SAXParserFactory susceptible to XXE attacks?

Others 2022-04-21 21:06:50 views: 0
David Thielen :

We read our XML template files using javax.xml.parsers.SAXParserFactory. If there is XXE in the XML file we're reading, is there a way to turn off processing that?

thanks - dave

Skere :

Yes, it is by default susceptible to XXE attacks.

Consult this cheat sheet for properly configuring the parser:

To summarize, you'll want to configure the relevant vulnerabilities with SAXParserFactory.setFeature(foo, bar) documentation

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=81555&siteId=1
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com