Difference between revisions of "XML External Entity vulnerability in map parser"

From Freeplane - free mind mapping and knowledge management software
(Created page with "Reported on 2017/02/19 Fix released on 2017/04/15 Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regu%C5%82a-1a2689119/ ==Description of Vulnerability==...")
 
 
Line 3: Line 3:
 
Fix released on 2017/04/15
 
Fix released on 2017/04/15
  
Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regu%C5%82a-1a2689119/
+
Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regula/
  
 
==Description of Vulnerability==
 
==Description of Vulnerability==
Vulnerability in FreePlane that allows you to download any file from victim's computer when the victim opens the malicious mindmap.
+
The vulnerability allowed to download any file from victim's computer when the victim opens the malicious mindmap.
 
The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.
 
The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.
  
 
[[Category:Security]]
 
[[Category:Security]]
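Review bot: in the description line on the "+" side, "allowed to download any file" has no subject for the download, and the product name "FreePlane" from the old wording is dropped, so the sentence no longer says what was affected or who could read the files. Suggest wording such as "The vulnerability in Freeplane's map parser allowed an attacker to download any file from the victim's computer when the victim opened a malicious mindmap."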

Latest revision as of 11:09, 23 April 2017

Reported on 2017/02/19

Fix released on 2017/04/15

Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regula/

Description of Vulnerability

The vulnerability allowed any file to be downloaded from the victim's computer when the victim opened a malicious mind map. The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.
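A pre-open check for mind map files received from others, given here as an added example; it is not Freeplane's code and not the fix that was released. It reads only the XML prolog and reports any DOCTYPE or entity declaration, on the assumption (not stated on this page) that a legitimate map carries no DTD. The function name, finding labels and sample maps are constructed for illustration.

```python
import xml.parsers.expat as expat


class _PrologDone(Exception):
    """Raised at the root element: a DTD can only appear before it."""


def scan_map_prolog(map_bytes):
    """Return DTD findings for a mind map; an empty list means no DTD was found."""
    findings = []
    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so expat never asks for
    # external content to be loaded while the file is being scanned.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external-entity" if system_id is not None else "internal-entity"
        findings.append((kind, name, system_id))

    def on_root(name, attrs):
        # Stop before the body is parsed, so entities in the body are never expanded.
        raise _PrologDone()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(map_bytes, True)
    except _PrologDone:
        pass
    except expat.ExpatError as err:
        findings.append(("malformed", str(err), None))
    return findings


# Constructed sample inputs (not taken from the report).
CLEAN_MAP = b'<map version="1.0.1"><node TEXT="Project plan"/></map>'
SUSPECT_MAP = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE map [ <!ENTITY sample SYSTEM "file:///placeholder/path"> ]>\n'
    b'<map version="1.0.1"><node TEXT="notes"/></map>'
)

if __name__ == "__main__":
    for label, data in (("clean", CLEAN_MAP), ("suspect", SUSPECT_MAP)):
        print(label, scan_map_prolog(data))
```

A non-empty result is a reason to inspect the file in a text editor before opening it in any XML-consuming application.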