Difference between revisions of "XML External Entity vulnerability in map parser"
From Freeplane - free mind mapping and knowledge management software
(Created page with "Reported on 2017/02/19 Fix released on 2017/04/15 Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regu%C5%82a-1a2689119/ ==Description of Vulnerability==...") |
|||
| Line 3: | Line 3: | ||
Fix released on 2017/04/15 | Fix released on 2017/04/15 | ||
| − | Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech- | + | Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regula/ |
==Description of Vulnerability== | ==Description of Vulnerability== | ||
| − | + | The vulnerability allowed to download any file from victim's computer when the victim opens the malicious mindmap. | |
The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing. | The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing. | ||
[[Category:Security]] | [[Category:Security]] | ||
Latest revision as of 11:09, 23 April 2017
Reported on 2017/02/19
Fix released on 2017/04/15
Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regula/
Description of Vulnerability
The vulnerability allowed to download any file from victim's computer when the victim opens the malicious mindmap. The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.
