XML External Entity vulnerability in map parser

From Freeplane - free mind mapping and knowledge management software

Revision as of 09:15, 23 April 2017 by Dimitry (talk | contribs) (Created page with "Reported on 2017/02/19 Fix released on 2017/04/15 Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regu%C5%82a-1a2689119/ ==Description of Vulnerability==...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to:navigation, search

Reported on 2017/02/19

Fix released on 2017/04/15

Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regu%C5%82a-1a2689119/

Description of Vulnerability

Vulnerability in FreePlane that allows you to download any file from victim's computer when the victim opens the malicious mindmap. The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.

Retrieved from "https://www.freeplane.org/oldwiki/index.php?title=XML_External_Entity_vulnerability_in_map_parser&oldid=6027"

Security

Navigation menu