libxml2-expand-local-entities
libxml2-expand-local-entities
The libxml2 parser is configured to process entities. Without other options such as processing DTDs or accessing remote entities from the network, it should not pose a risk except for memory exhaustion.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration