Security
Audit
sax-xxe
sax-xxe
Use of ‘ondoctype’ in ‘sax’ library detected. By default, ‘sax’ won’t do anything with custom DTD entity definitions. If you’re implementing a custom DTD entity definition, be sure not to introduce XML External Entity (XXE) vulnerabilities, or be absolutely sure that external entities received from a trusted source while processing XML.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-611: Improper Restriction of XML External Entity Reference
OWASP:
- A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration