Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

XML generators should guard against problematic text strings #3

Closed
fweimer opened this issue Sep 21, 2015 · 0 comments
Closed

XML generators should guard against problematic text strings #3

fweimer opened this issue Sep 21, 2015 · 0 comments

Comments

@fweimer
Copy link

fweimer commented Sep 21, 2015

org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment(XMLWriter, String, int, int, int) does not check if the comment includes a "-->" sequence. This means that text contained in the command string could be interpreted as XML, possibly leading to XML injection issues, depending on how this method is being called.
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fweimer