CodeAnt AI home page

Dashboard
Dashboard

Demo Call with CEO

Get Started

CodeAnt AI
Setup
Control Center
Pull Request Review
IDE
Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
  - Lang
  - Libxml2
    - Security
      - Libxml2-audit-parser
      - Libxml2-expand-local-entities
      - Libxml2-expand-remote-dtd
        Libxml2 expand remote dtd
      - Libxml2-expand-xinclude
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Libxml2-expand-remote-dtd

Libxml2 expand remote dtd

libxml2-expand-remote-dtd

The application is using an XML parser that has not been safely configured. This might lead to XML External Entity (XXE) vulnerabilities when parsing user-controlled input. An attacker can include document type definitions (DTDs) or XIncludes which can interact with internal or external hosts. XXE can lead to other vulnerabilities, such as Local File Inclusion (LFI), Remote Code Execution (RCE), and Server-side request forgery (SSRF), depending on the application configuration. An attacker can also use DTDs to expand recursively, leading to a Denial-of-Service (DoS) attack, also known as a Billion Laughs Attack. If DTD is required for local files then pass the XML_PARSE_NONET option which will disable network access.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration

Libxml2 expand local entities Libxml2 expand xinclude

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.