[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
XML XXE
From: |
Ivan Vučica |
Subject: |
XML XXE |
Date: |
Fri, 11 Apr 2014 13:46:31 +0000 |
Just pinging in case our NSXMLDocument implementation is vulnerable to XML XXE.
libxml2 after 2.9 has this disabled by default.
On iOS (and presumably OS X) one is safe only by specifying NSXMLNodeLoadExternalEntitiesNever.
I can't check right now, but if GNUstep does behave the same way as OS X/iOS, anyone writing network services and using GNUstep's NSXMLDocument may want to check that they are safe.