asterisk/main/xml.c at 21

mirror of https://github.com/asterisk/asterisk.git synced 2026-04-29 02:03:18 +00:00

Files

George Joseph eb910a7b0d xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack.  Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

2026-02-05 15:25:07 +00:00

14 KiB

Raw Permalink Blame History

View Raw

14 KiB Raw Permalink Blame History

14 KiB

Raw Permalink Blame History