Use of ‘ondoctype’ in ‘sax’ library detected. By default, ‘sax’ won’t do anything with custom DTD entity definitions. If you’re implementing a custom DTD entity definition, be sure not to introduce XML External Entity (XXE) vulnerabilities, or be absolutely sure that external entities received from a trusted source while processing XML. Likelihood: LOW Confidence: LOW CWE: - CWE-611: Improper Restriction of XML External Entity Reference
OWASP: - A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration