CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
        • Aws-lambda
        • Gin
        • Gorilla
        • Gorm
        • Grpc
        • Jwt-go
        • Lang
          • Best practice
          • Correctness
          • Correctness
          • Maintainability
          • Memory
          • Security
          • Security
            • Audit
            • Audit
              • Crypto
              • Database
              • Net
              • Sqli
              • Xss
              • Xxe
            • Injection
        • Net
        • Otto
        • Secrets
        • Template
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    • Open Source
    • Blogs
    Audit

    Xxe

    parsing-external-entities-enabled

    Detected enabling of “XMLParseNoEnt”, which allows parsing of external entities and can lead to XXE if user controlled data is parsed by the library. Instead, do not enable “XMLParseNoEnt” or be sure to adequately sanitize user-controlled data when it is being parsed by this library.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration
    XssInjection
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.