DSA-2842-1 libspring-java - several
Bulletin has no description...
XML eXternal Entity (XXE) injection in Spring Framework
The Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. There are four possible source implementations passed to the unmarshaller: DOMSource, StAXSource, SAXSource and StreamSource. For a DOMSource, the XML has already been parsed by us...