Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request: libxml2 external parsed entities issue
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 29 Oct 2013 08:53:08 +0100

libxml has an API to disable external entity expansion.

Are you talking about using xmlSetExternalEntityLoader()?

It works, but changing the libxml default behavior to not being
vulnerable to XXE seems a good idea.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]