# Security

<AccordionGroup>
  <Accordion title="command-injection-shell-call">
    A call to clojure.java.shell has been found. This could lead to remote code execution (RCE) if the inputs are user-controllable. Ensure their origin is validated and sanitized.<br />**Likelihood**: MEDIUM<br />**Confidence**: LOW<br />**CWE**: <br />- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    <br />**OWASP**: <br />- A01:2017 - Injection
    <br />- A03:2021 - Injection
  </Accordion>

  <Accordion title="documentbuilderfactory-xxe">
    DOCTYPE declarations are enabled for javax.xml.parsers.SAXParserFactory. Without prohibiting external entity declarations, this is vulnerable to XML external entity attacks. Disable this by setting the feature `http://apache.org/xml/features/disallow-doctype-decl` to true. Alternatively, allow DOCTYPE declarations and only prohibit external entity declarations. This can be done by setting the features `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` to false.<br />**Likelihood**: LOW<br />**Confidence**: HIGH<br />**CWE**: <br />- CWE-611: Improper Restriction of XML External Entity Reference
    <br />**OWASP**: <br />- A04:2017 - XML External Entities (XXE)
    <br />- A05:2021 - Security Misconfiguration
  </Accordion>

  <Accordion title="use-of-md5">
    MD5 hash algorithm detected. This is not collision resistant and leads to easily-cracked password hashes. Replace with current recommended hashing algorithms.<br />**Likelihood**: MEDIUM<br />**Confidence**: HIGH<br />**CWE**: <br />- CWE-328: Use of Weak Hash
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="use-of-sha1">
    Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Instead, use PBKDF2 for password hashing or SHA256 or SHA512 for other hash function applications.<br />**Likelihood**: MEDIUM<br />**Confidence**: HIGH<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />- CWE-328: Use of Weak Hash
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>
</AccordionGroup>
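
Added example for the `documentbuilderfactory-xxe` rule (not part of the original rule documentation): the two remediations the rule describes, applied to `SAXParserFactory` from Clojure and exercised against a small document. The namespace, function names and sample document are constructed for illustration.

```clojure
(ns example.xxe-hardening
  (:import (javax.xml.parsers SAXParserFactory)
           (org.xml.sax InputSource SAXParseException)
           (org.xml.sax.helpers DefaultHandler)
           (java.io StringReader)))

;; Feature names exactly as given in the rule text.
(def disallow-doctype "http://apache.org/xml/features/disallow-doctype-decl")
(def ext-general      "http://xml.org/sax/features/external-general-entities")
(def ext-parameter    "http://xml.org/sax/features/external-parameter-entities")

(defn strict-factory
  "Remediation 1: refuse any document that carries a DOCTYPE declaration."
  []
  (doto (SAXParserFactory/newInstance)
    (.setFeature disallow-doctype true)))

(defn no-external-entities-factory
  "Remediation 2: allow DOCTYPE, but never resolve external general or
  parameter entities."
  []
  (doto (SAXParserFactory/newInstance)
    (.setFeature ext-general false)
    (.setFeature ext-parameter false)))

;; Constructed sample input: a DOCTYPE that declares an external entity.
;; The SYSTEM identifier is a placeholder path, not a real resource.
(def sample-xml
  (str "<?xml version=\"1.0\"?>"
       "<!DOCTYPE note [<!ENTITY ext SYSTEM \"file:///placeholder/none\">]>"
       "<note>&ext;</note>"))

(defn parse-outcome
  "Parses xml with a parser from factory. Returns :parsed on success, or
  [:rejected message] when the parser refuses the document."
  [^SAXParserFactory factory ^String xml]
  (try
    (.parse (.newSAXParser factory)
            (InputSource. (StringReader. xml))
            (DefaultHandler.))
    :parsed
    (catch SAXParseException e
      [:rejected (.getMessage e)])))

(defn demo
  "Runs the sample document through both hardened factories."
  []
  {:strict               (parse-outcome (strict-factory) sample-xml)
   :no-external-entities (parse-outcome (no-external-entities-factory) sample-xml)})
```

Set the features on the factory before calling `newSAXParser`, since each parser takes its configuration from the factory at creation time.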
