This repository was archived by the owner on Jul 19, 2024. It is now read-only.
This repository was archived by the owner on Jul 19, 2024. It is now read-only.
XML External Entity Injection #22
Description
Hello:
We found a problem about XML External Entity Injection in vsts-authentication-library-for-java.
com.microsoft.alm.storage.InsecureFileBackend.java
The xml external entity is not disabled when parsing the xml. When parsing the xml controlled by the attacker, there is an xml external entity injection risk.