by rb12345 1772 days ago
There were similar issues more recently (2018/19) with custom XML entities or comments. The XML signature was unaffected, but if code used the equivalent of element.children[0] to get the contents, it was possible for attackers to truncate the attribute values seen by the service provider library.
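The truncation described in the comment above, as an added example that is not part of the original post: a constructed attribute value is split by a comment node, so the first-child pattern returns only part of the text that the signature covers. The element names, sample values, and function names are assumptions made for illustration, and only the comment case is covered, not custom entities.

```python
from xml.dom import minidom
from xml.dom.minidom import Node

# Constructed samples (not from any real assertion). minidom is used only to
# show the node structure; it is not a hardened parser for untrusted XML.
SPLIT = ('<Attribute Name="email"><AttributeValue>'
         'user@example.com<!-- c -->.test.invalid'
         '</AttributeValue></Attribute>')
CLEAN = ('<Attribute Name="email"><AttributeValue>'
         'user@example.com'
         '</AttributeValue></Attribute>')

def _value_element(xml_text):
    doc = minidom.parseString(xml_text)
    return doc.getElementsByTagName("AttributeValue")[0]

def fragile_value(xml_text):
    """The children[0] pattern: returns only the first text node."""
    return _value_element(xml_text).firstChild.data

def full_text(xml_text):
    """Concatenate every text node, skipping comments (the comment-free view)."""
    elem = _value_element(xml_text)
    return "".join(c.data for c in elem.childNodes
                   if c.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE))

def strict_value(xml_text):
    """Return the value only if the element holds nothing but text nodes."""
    elem = _value_element(xml_text)
    parts = []
    for child in elem.childNodes:
        if child.nodeType not in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            # A comment or other node inside the value is refused outright.
            raise ValueError("unexpected %s node in AttributeValue" % child.nodeName)
        parts.append(child.data)
    return "".join(parts)

if __name__ == "__main__":
    print("fragile:", fragile_value(SPLIT))
    print("full   :", full_text(SPLIT))
    try:
        strict_value(SPLIT)
    except ValueError as exc:
        print("strict :", exc)
```
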