libxml2-audit-parser
libxml2-audit-parser
The libxml2 library is used to parse XML. When auditing such code, make sure that either the document being parsed is trusted or that the parsing options are safe to consume untrusted documents. In such case make sure DTD or XInclude documents cannot be loaded and there is no network access.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration