Date: Fri, 22 Apr 2016 11:32:26 +1000 From: Brendan Scarvell <bscarvell@....net> To: oss-security@...ts.openwall.com Subject: CVE Request - XXE in Pentaho Business Analytics 18.104.22.168.386 Hi there, I've discovered an XXE vulnerability in Pentaho Business Analytics Community Edition 22.214.171.124.386 due to Pentaho's xml parser not disabling the parsing of external entities. This issue has been reported to the vendor several times, who has refused to fix it in the community edition unless an enterprise license is purchased. I've created a Github issue ( https://github.com/pentaho/data-access/issues/728) for someone in the community to submit a patch. Could a CVE ID please be assigned to this issue. Thanks, Brendan Scarvell
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.