2 matches found
XML External Entity Injection (XXE)
Spring Integration is vulnerable to XML external entity injection XXE. The library does not filter malicious XML data input due to failing to disable the Document Type Definition External Entities by default...
XML External Entity (XXE) Injection
Onos Controller is vulnerable to XML external entitiy XXE injection attack. It is possible because the application does not disable Document Type Definition DTD External Entities by default, allowing a malicious user to inject malicious external entities through XML files...