Improper Restriction of XML External Entity Reference
| Property | Value |
|---|---|
| Language | clojure |
| Severity | |
| CWE | CWE-611: Improper Restriction of XML External Entity Reference |
| OWASP | A04:2017 - XML External Entities (XXE) |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code parses XML with a parser whose external entity resolution and DOCTYPE processing are left at their defaults instead of being disabled. An attacker who controls the input can then supply a document that declares external entities, and the parser will resolve them while processing the document, which is the root cause of XXE.
Impact
If exploited, attackers could read sensitive files, access internal network resources, or trigger denial of service by supplying crafted XML input. This could result in data breaches or compromise of the application and its environment.
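The pattern this rule flags, and the fix, side by side in Clojure. This is an added example and not code from the rule's author or from any project: it uses `clojure.xml/parse` with a custom `startparse` function (the two-argument form `clojure.xml` documents) and configures the JDK's built-in SAX parser through Java interop. The function names `insecure-startparse`, `hardened-startparse` and `parse-untrusted` are hypothetical, the sample XML is constructed, and the `file:///PLACEHOLDER/...` path is a labelled placeholder rather than a real target.

```clojure
(ns xxe-example
  (:require [clojure.xml :as xml])
  (:import [javax.xml.parsers SAXParserFactory]
           [java.io ByteArrayInputStream]
           [org.xml.sax SAXParseException]))

;; Constructed sample input: a document that declares an external entity.
;; The SYSTEM identifier is a placeholder; the point is that a parser with
;; default settings would try to resolve it and splice the result into <name>.
(def untrusted-xml
  "<?xml version=\"1.0\"?>
   <!DOCTYPE doc [ <!ENTITY ext SYSTEM \"file:///PLACEHOLDER/not-a-real-file\"> ]>
   <doc><name>&ext;</name></doc>")

;; Constructed benign input with no DOCTYPE at all, which the hardened parser accepts.
(def benign-xml
  "<?xml version=\"1.0\"?><doc><name>alice</name></doc>")

(defn- insecure-startparse
  "The shape this rule reports: a factory with JDK defaults, which process
   DOCTYPE declarations and resolve external entities. Shown only as the
   'before'; do not use it on untrusted input."
  [s ch]
  (.. SAXParserFactory (newInstance) (newSAXParser) (parse s ch)))

(defn- hardened-startparse
  "startparse function for clojure.xml/parse that refuses DOCTYPE declarations
   and, as defence in depth, disables external entity and DTD loading."
  [s ch]
  (let [factory (doto (SAXParserFactory/newInstance)
                  ;; Reject any DOCTYPE: no entities, internal or external, can be declared.
                  (.setFeature "http://apache.org/xml/features/disallow-doctype-decl" true)
                  ;; If DOCTYPE is ever re-enabled for a trusted source, these still hold.
                  (.setFeature "http://xml.org/sax/features/external-general-entities" false)
                  (.setFeature "http://xml.org/sax/features/external-parameter-entities" false)
                  (.setFeature "http://apache.org/xml/features/nonvalidating/load-external-dtd" false)
                  (.setXIncludeAware false))]
    (.. factory (newSAXParser) (parse s ch))))

(defn parse-untrusted
  "Parses XML text from an untrusted source with the hardened parser.
   Returns {:ok tree} on success or {:error message} when the parser rejects
   the document (for example because it carries a DOCTYPE)."
  [^String xml-text]
  ;; Note: clojure.xml/parse treats a String argument as a URI to fetch, so
  ;; untrusted text must be wrapped in a stream, never passed as a String.
  (with-open [in (ByteArrayInputStream. (.getBytes xml-text "UTF-8"))]
    (try
      {:ok (xml/parse in hardened-startparse)}
      (catch SAXParseException e
        {:error (.getMessage e)}))))

(comment
  ;; Benign input parses normally.
  (parse-untrusted benign-xml)
  ;; => {:ok {:tag :doc, :attrs nil, :content [{:tag :name, :attrs nil, :content ["alice"]}]}}

  ;; Input carrying a DOCTYPE is rejected before any entity is resolved.
  (parse-untrusted untrusted-xml)
  ;; => {:error "DOCTYPE is disallowed when the feature ... set to true."}
  )
```

The hardened form makes the parser configuration explicit at the call site, which is what a reviewer or a scanner needs to see to clear this finding; relying on whichever default `startparse` a given Clojure release ships leaves the intent invisible in the code. If the project uses `clojure.data.xml` (StAX) instead, the equivalent knobs are, as I understand that library's option map, `:supporting-external-entities false` and `:support-dtd false` passed to its `parse` function.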