g.turri authored
This commit fixes the issue described on https://cwe.mitre.org/data/definitions/611.html

Nb: it's mostly the same as ad6615b3 but with an added reference to org.apache.xerces in order to avoid the AbstractMethodError that was experienced by users back then.

Nb2: writing down the payload with which I tested this patch, in case I need to run this test again in the future:

<?xml version="1.0"?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "http://localhost/malware"> ]>
<methodResponse>
  <params>
    <param>
      <value><string>&ent;</string></value>
    </param>
  </params>
</methodResponse>
456752eb
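For readers who want to re-run the check the commit message describes, the following is an added example and not the code from this commit, whose diff is not shown on this page. It assumes a JAXP SAX parser backed by Xerces (the JDK default) and uses the standard Xerces/SAX feature URIs; the class name `XxeHardenedParse` and the benign sample are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class XxeHardenedParse {
    // Test payload quoted from the commit message above.
    static final String PAYLOAD = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE replace [<!ENTITY ent SYSTEM \"http://localhost/malware\"> ]>\n"
        + "<methodResponse><params><param><value><string>&ent;</string></value>"
        + "</param></params></methodResponse>";
    // Constructed benign response with no DOCTYPE, for comparison.
    static final String BENIGN = "<?xml version=\"1.0\"?>\n"
        + "<methodResponse><params><param><value><string>ok</string></value>"
        + "</param></params></methodResponse>";

    // Builds a reader that refuses DOCTYPE declarations and external entities.
    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return f.newSAXParser().getXMLReader();
    }

    // Returns true when the hardened reader refuses the document.
    static boolean rejected(String xml) throws Exception {
        XMLReader r = hardenedReader();
        DefaultHandler h = new DefaultHandler(); // fatalError() rethrows the parse error
        r.setContentHandler(h);
        r.setErrorHandler(h);
        try {
            r.parse(new InputSource(new StringReader(xml)));
            return false;
        } catch (SAXException e) {
            return true; // DOCTYPE refused before any entity is resolved
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("DOCTYPE payload rejected: " + rejected(PAYLOAD));
        System.out.println("benign response rejected: " + rejected(BENIGN));
    }
}
```

Because `disallow-doctype-decl` fails the parse at the DOCTYPE line, the `SYSTEM` URL in the payload is never fetched; a parser implementation that does not recognise one of these features throws from `setFeature`, which is the place to check if a different XML library is on the classpath.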
To find the state of this project's repository at the time of any of these versions, check out the tags.