hbase-user mailing list archives

From Barani Bikshandi <bbar...@gmail.com>
Subject Weakly Configured XML External Entity for Java JAXBContext
Date Tue, 10 Mar 2020 17:07:42 GMT
I was notified of a security issue recently in the below package. Is there a plan to fix this
vulnerability in the near future?

Risk Name
Weakly Configured XML External Entity for Java JAXBContext

Vulnerability
An attacker can inject untrusted data into applications which may result in the disclosure
of confidential data, denial of service, server side request forgeries or port scanning.

Code:
/hbase/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/client/RemoteAdmin.java

Mitigation:
We require that XML processors need to be configured properly to prevent an XXE (XML External
Entity) attack when an application handles data from an untrusted source.
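
One way to configure a JAXB unmarshaller as the mitigation above asks, as an added example that is not part of the original message and is not HBase's code. The `Version` model class and the sample XML strings are constructed for illustration, and the `javax.xml.bind` API is assumed to be on the classpath (it is no longer bundled with Java 11 and later).

```java
import java.io.StringReader;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlValue;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedJaxbExample {
    // Hypothetical model class, for illustration only.
    @XmlRootElement(name = "Version")
    public static class Version {
        @XmlValue
        public String value;
    }

    // StAX factory with DTD processing and external entity resolution switched off.
    private static XMLInputFactory newHardenedFactory() {
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return xif;
    }

    // Unmarshal through the hardened reader instead of handing JAXB a raw stream.
    public static Version parse(JAXBContext ctx, String xml)
            throws JAXBException, XMLStreamException {
        XMLStreamReader reader = newHardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            return (Version) ctx.createUnmarshaller().unmarshal(reader);
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws Exception {
        JAXBContext ctx = JAXBContext.newInstance(Version.class);
        // Constructed sample inputs: one plain document, one that declares an inline entity.
        String plain = "<Version>2.2.3</Version>";
        String withDtd = "<!DOCTYPE Version [<!ENTITY e \"expanded\">]><Version>&e;</Version>";
        System.out.println("plain: " + parse(ctx, plain).value);
        try {
            System.out.println("with DTD: " + parse(ctx, withDtd).value);
        } catch (JAXBException | XMLStreamException ex) {
            System.out.println("with DTD rejected: " + ex.getClass().getSimpleName());
        }
    }
}
```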
