Date: Fri, 9 Feb 2018 10:58:08 -0500 From: "Alex O'Ree" <alexoree@...che.org> To: user@...di.apache.org, dev@...di.apache.org, security@...che.org, oss-security@...ts.openwall.com Subject: [Security] CVE-2018-1307 XML Entity Expansion in juddi-client v3.2 through 3.3.4 CVEID CVE-2018-1307 VERSION: 3.2 through 3.3.4 PROBLEMTYPE: XML Entity Expansion REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267 DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987 Severity: Moderate Mitigation: Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the effected classes.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.