cstc issues

[Security] XmlFullSignature operation is vulnerable to XML External Entity Injection (XXE)

1

**Attention**: The `XmlFullSignature` operation is vulnerable to XXE. This has the following implications: 1) Depending on your use case of *CSTC*, you are directly vulnerable to this attack. E.g. if...

lauritzh

Update XmlFullSignature.java

Disable external Entities (https://github.com/usdAG/cstc/issues/69).

lauritzh

Bump jackson-databind from 2.11.1 to 2.13.3

Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.11.1 to 2.13.3. Commits See full diff in compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.fasterxml.jackson.core:jackson-databind&package-manager=maven&previous-version=2.11.1&new-version=2.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

dependencies

Bump maven-compiler-plugin from 3.7.0 to 3.10.1

Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.7.0 to 3.10.1. Release notes Sourced from maven-compiler-plugin's releases. 3.10.1 🚀 New features and improvements [MCOMPILER-426] - add flag to enable-preview java compiler feature (#98) @olamy 🐛...

dependabot[bot]

dependencies

Bump burp-extender-api from 1.7.22 to 2.3

Bumps [burp-extender-api](https://github.com/PortSwigger/burp-extender-api) from 1.7.22 to 2.3. Commits See full diff in compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.portswigger.burp.extender:burp-extender-api&package-manager=maven&previous-version=1.7.22&new-version=2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

dependencies

Bump bcprov-jdk15on from 1.59 to 1.70

Bumps [bcprov-jdk15on](https://github.com/bcgit/bc-java) from 1.59 to 1.70. Changelog Sourced from bcprov-jdk15on's changelog. 2.1.1 Version Release: 1.70 Date: 2021, November 29th. ... (truncated) Commits See full diff in compare view [![Dependabot compatibility...

dependabot[bot]

dependencies

Bump commons-text from 1.8 to 1.9

Bumps commons-text from 1.8 to 1.9. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-text&package-manager=maven&previous-version=1.8&new-version=1.9)](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

dependencies

Add Reverse operation

2

kaimi-

Add Clear button & clear on state restore

1

kaimi-

enhancement

Lane test feature broken

The operations test feature seems to be broken: Steps to reproduce: 1. Paste a request or response into the "Input" field in the upper right corner of the CSTC window...

LMRupp

cstc
cstc copied to clipboard

Metadata

[Security] XmlFullSignature operation is vulnerable to XML External Entity Injection (XXE)

Update XmlFullSignature.java

Bump jackson-databind from 2.11.1 to 2.13.3

Bump maven-compiler-plugin from 3.7.0 to 3.10.1

Bump burp-extender-api from 1.7.22 to 2.3

Bump bcprov-jdk15on from 1.59 to 1.70

Bump commons-text from 1.8 to 1.9

Add Reverse operation

Add Clear button & clear on state restore

Lane test feature broken

← Metadata

Owner

Metadata

cstc cstc copied to clipboard

Metadata

← Metadata

Owner

Metadata

cstc
cstc copied to clipboard