parsing-external-entities-enabled
Detected enabling of “XMLParseNoEnt”, which allows parsing of external entities and can lead to XXE if user-controlled data is parsed by the library. Instead, do not enable “XMLParseNoEnt”, or be sure to adequately sanitize user-controlled data when it is being parsed by this library.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration