mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Security: Fix XXE vulnerability in xslt_filter module. 

The XSLT filter module was vulnerable to XML External Entity (XXE)
injection due to the use of the XML_PARSE_NOENT flag. This patch
mitigates the vulnerability by removing the flag and explicitly
disabling external entity loading, which is the recommended best
practice for parsing untrusted XML.
This commit is contained in:
reyhkm 2025-10-10 21:28:47 +07:00 committed by GitHub
parent 78d1ab5a2c
commit 0b4b0042d7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/http/modules/ngx_http_xslt_filter_module.c
View File

@ -381,8 +381,9 @@ ngx_http_xslt_add_chunk(ngx_http_request_t *r, ngx_http_xslt_filter_ctx_t *ctx,
"xmlCreatePushParserCtxt() failed"); "xmlCreatePushParserCtxt() failed");
return NGX_ERROR; return NGX_ERROR;
} }
xmlCtxtUseOptions(ctxt, XML_PARSE_NOENT|XML_PARSE_DTDLOAD xmlCtxtUseOptions(ctxt, XML_PARSE_DTDLOAD
|XML_PARSE_NOWARNING); |XML_PARSE_NOWARNING);
xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
ctxt->sax->externalSubset = ngx_http_xslt_sax_external_subset; ctxt->sax->externalSubset = ngx_http_xslt_sax_external_subset;
ctxt->sax->setDocumentLocator = NULL; ctxt->sax->setDocumentLocator = NULL;