https://bugzilla.redhat.com/show_bug.cgi?id=1801149
--- Doc Text *updated* by TEJ RATHI <trathi(a)redhat.com> ---
The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE)
through a job description. This issue stems from inadequate handling of XML external
entity (XXE) declarations in the initDocumentParser function within
xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted
job description (containing XML content), a remote attacker could exploit this
vulnerability to execute an XXE attack on the targeted system.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1801149