Skip to content
This repository has been archived by the owner on Jun 1, 2022. It is now read-only.

XML external entity (XXE) vulnerability #783

Closed
Sami32 opened this issue Sep 24, 2018 · 4 comments
Closed

XML external entity (XXE) vulnerability #783

Sami32 opened this issue Sep 24, 2018 · 4 comments
Assignees
@mseeley
Labels
priority:high

Comments

@Sami32
Copy link

Sami32 commented Sep 24, 2018

Following the official security report:
https://www.exploit-db.com/exploits/45146/

In case you was not aware of the Cling maintainer answer:
4thline/seamless#9 (comment)
@mseeley
Copy link
Contributor

mseeley commented Nov 26, 2018

Thanks @Sami32, we followed up internally about this issue. We'll finish this off updating our app.

@mseeley mseeley self-assigned this Nov 27, 2018
@mseeley
Copy link
Contributor

mseeley commented Nov 28, 2018
edited
Loading

From my investigation we don't build a libxml2 or libxslt dependency for Plex Media Player.

@Sami32 the security report you mentioned links to a Plex Media Server exploit. Did you by chance open this issue as a general notification to us that our server had an issue and not that the player built out of this repository had an issue?

Plex Media Server itself shipped a fix for CVE-2018-13415 in 1.13.6 on Aug 22, 2018.

@Sami32
Copy link
Author

Sami32 commented Nov 28, 2018
edited
Loading

Yes, it was a general notification.

Oh i wasn't that you did fixed this issue already +1
Sorry for the noise :/

@Sami32 Sami32 closed this as completed Nov 28, 2018
@mseeley
Copy link
Contributor

mseeley commented Nov 28, 2018

No worries at all. We appreciate you looking out for our software and our users!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mseeley mseeley

Labels
priority:high
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mseeley @Sami32