This application is using LibXML as the XML backend. LibXML can be vulnerable to XML External Entities (XXE) vulnerabilities. Use the built-in Rails XML parser, REXML, instead. Likelihood: LOW Confidence: LOW CWE: - CWE-611: Improper Restriction of XML External Entity Reference
OWASP: - A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration
xml-external-entities-enabled
This application is explicitly enabling external entities enabling an attacker to inject malicious XML to exploit an XML External Entities (XXE) vulnerability. This could let the attacker cause a denial-of-service by forcing the parser to parse large files, or at worst, let the attacker download sensitive files or user data. Use the built-in Rails XML parser, REXML, instead. Likelihood: LOW Confidence: LOW CWE: - CWE-611: Improper Restriction of XML External Entity Reference
OWASP: - A04:2017 - XML External Entities (XXE)
- A05:2021 - Security Misconfiguration