go-xmpp icon indicating copy to clipboard operation
go-xmpp copied to clipboard
verified publisher icon FluuxIO

Golang XML vulnerabilities

Open mdosch opened this issue 5 years ago • 3 comments

FYI

https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md

mdosch avatar Dec 15 '20 09:12 mdosch

Ref: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/

licaon-kter avatar Dec 15 '20 12:12 licaon-kter

@mdosch, @licaon-kter: Thanks for this information :)

Neustradamus avatar Dec 15 '20 15:12 Neustradamus

Not sure if this is really problem for this library, i think what this vulnerability is that if you have element like <test:a xmlns:test="abc" xmlns:test2="abc"/> after parsing and serializing it back you could get <test2:a xmlns:test="abc" xmlns:test2="abc"/>, but i don't think this will be problem for us - we don't require original namespaces, and i don't even think we serialize back values that we parsed previously.

prefiks avatar Dec 15 '20 15:12 prefiks