Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Security: Fix XXE vulnerability in xslt_filter module. #925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Security: Fix XXE vulnerability in xslt_filter module. #925

wants to merge 1 commit into from
+2 −1

Conversation

@reyhkm
Copy link

@reyhkm reyhkm commented Oct 10, 2025

The XSLT filter module was vulnerable to XML External Entity (XXE) injection due to the use of the XML_PARSE_NOENT flag. This patch mitigates the vulnerability by removing the flag and explicitly disabling external entity loading, which is the recommended best practice for parsing untrusted XML.

@reyhkm
Security: Fix XXE vulnerability in xslt_filter module.
0b4b004 
The XSLT filter module was vulnerable to XML External Entity (XXE)
injection due to the use of the XML_PARSE_NOENT flag. This patch
mitigates the vulnerability by removing the flag and explicitly
disabling external entity loading, which is the recommended best
practice for parsing untrusted XML.
@github-actions
Copy link

github-actions bot commented Oct 10, 2025
edited
Loading

✅ All required contributors have signed the F5 CLA for this PR. Thank you!
Posted by the CLA Assistant Lite bot.

@reyhkm
Copy link
Author

reyhkm commented Oct 10, 2025

I have hereby read the F5 CLA and agree to its terms

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@reyhkm