Post from 2024-12-26 16:38:33
I find CVE-2024-40896 (Raptor/libxml2 XXE) very educational:
Based on the analysis[1] it's a nice example of Chesterton’s Fence[2], while its discovery[3] underlines the importance of automated testing for regressions and known dangerous behavior.
[1] https://www.openwall.com/lists/oss-security/2024/12/25/2 (thx @alexandreborges for sharing!)
[2] https://fs.blog/chestertons-fence/
[3] https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
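As an added illustration of the kind of regression check the post argues for (this is not code from the post, from Raptor, or from libxml2; it uses Python's standard-library xml.sax parser, which is built on expat, simply because it runs anywhere): a test feeds a classic file-reading XXE probe to the parser and asserts that the referenced file's contents never surface in the parsed character data. The sentinel string, the temporary file, and all function names are constructed for this example. The second run, with feature_external_ges switched on, shows what the check catches when a parser does resolve external general entities, which is the "known dangerous behavior" a test like this exists to pin down.

```python
"""Regression check for external general entity (XXE) resolution.

Added example, not code from the post, Raptor or libxml2.  Uses Python's
stdlib xml.sax (expat) as a stand-in for any XML parser under test.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler

# Constructed XXE probe: a general external entity pointing at a local file.
XXE_PROBE = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE doc [<!ENTITY xxe SYSTEM "{path}">]>\n'
    '<doc>&xxe;</doc>\n'
)


class TextCollector(handler.ContentHandler):
    """Collects character data so we can see whether entity content surfaced."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_collecting_text(xml_bytes, resolve_external_ges):
    """Parse with SAX and return the concatenated character data.

    resolve_external_ges is the dangerous knob: when True, expat is told
    to fetch and inline external general entities.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_ges)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.chunks)


def leaks_file(secret_path, sentinel, resolve_external_ges):
    """True if the parser inlined the contents of secret_path into the document."""
    probe = XXE_PROBE.format(path=secret_path).encode()
    return sentinel in parse_collecting_text(probe, resolve_external_ges)


def run_xxe_regression_check():
    """Return (leaks_with_resolution_off, leaks_with_resolution_on).

    A CI regression test asserts the first value is False.  The second
    value documents what the dangerous behavior looks like, proving the
    check is actually capable of detecting it.
    """
    sentinel = "SENTINEL-DO-NOT-LEAK-4821"  # constructed marker, hypothetical secret
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(sentinel)
        off = leaks_file(path, sentinel, resolve_external_ges=False)
        on = leaks_file(path, sentinel, resolve_external_ges=True)
    finally:
        os.unlink(path)
    return off, on


if __name__ == "__main__":
    leaks_off, leaks_on = run_xxe_regression_check()
    print("file contents leaked with external entities disabled:", leaks_off)
    print("file contents leaked with feature_external_ges=True:  ", leaks_on)
```

The shape carries over to any parser: wire the probe into the test suite with the secure setting, and a later refactor that silently re-enables entity resolution (or removes a check whose purpose nobody remembered) fails the build instead of shipping.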