Details on WORDSNET-21674

gbette · February 11, 2022, 10:04am

Hi,

From the release notes of Aspose.Words .NET version 21.3 I understand that bug WORDSNET-21674 “Investigate and fix XXE vulnerabilities in Aspose.Words.Net” was resolved. Where can I find details on that bug? I need to know whether our software is affected by it.

Thanks in advance and best regards,
Gerrit

alexey.noskov · February 11, 2022, 12:09pm

@gbette Here is a good article about this vulnerability.
http://www.swat4net.com/owasp-top-4-xml-external-entities-xee/
Also, the following article might be useful for you:
https://docs.aspose.com/words/net/web-applications-security-when-loading-external-resources/