deegree/deegree3

There should not be insecure usage of XSL processors in deegree3.

Closed this issue · 0 comments

In the latest version of deegree3, the file org.deegree.commons.xml.XsltUtils.java contains XSLT functionality, but no security parameters were added. This is highly risky, as XSLT vulnerabilities could lead to RCE, file reading, and other vulnerabilities. It is advisable to add security parameters, such as factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true).
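A sketch of the hardening suggested above, as an added example that is not deegree's code and not part of the original issue: it builds a `TransformerFactory` with secure processing on and external DTD/stylesheet access disabled, then checks that a stylesheet using a Java extension function is rejected. The class and method names are hypothetical, both stylesheets are constructed samples, and the JDK's built-in XSLT processor is assumed (other processors on the classpath may handle these settings differently).

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class SecureXsltExample { // hypothetical class, not from deegree
    static final String XSL = "http://www.w3.org/1999/XSL/Transform";

    static TransformerFactory hardenedFactory() throws TransformerException {
        TransformerFactory factory = TransformerFactory.newInstance();
        // The setting named in the issue: limits extension functions and resource use.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // JAXP 1.5 properties: an empty string permits no protocol, so DTDs,
        // xsl:import/xsl:include and document() cannot fetch external resources.
        // A processor without JAXP 1.5 support throws IllegalArgumentException here.
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return factory;
    }

    static String transform(TransformerFactory f, String xslt, String xml)
            throws TransformerException {
        Transformer t = f.newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String xml = "<doc>hello</doc>";
        // Constructed sample: an ordinary stylesheet that must keep working.
        String plain = "<xsl:stylesheet version='1.0' xmlns:xsl='" + XSL + "'>"
            + "<xsl:output method='text'/>"
            + "<xsl:template match='/'><xsl:value-of select='doc'/></xsl:template>"
            + "</xsl:stylesheet>";
        // Constructed sample: calls a harmless Java method as an extension function.
        String ext = "<xsl:stylesheet version='1.0' xmlns:xsl='" + XSL + "'"
            + " xmlns:m='http://xml.apache.org/xalan/java/java.lang.Math'>"
            + "<xsl:template match='/'><xsl:value-of select='m:abs(-3)'/></xsl:template>"
            + "</xsl:stylesheet>";

        TransformerFactory factory = hardenedFactory();
        System.out.println("plain stylesheet: " + transform(factory, plain, xml));
        try {
            System.out.println("extension call ran: " + transform(factory, ext, xml));
        } catch (TransformerException e) {
            System.out.println("extension call rejected: " + e.getMessage());
        }
    }
}
```

If the second transform prints a value instead of a rejection, the `TransformerFactory` resolved at runtime is not enforcing secure processing for extension functions and needs processor-specific configuration.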