Improper Restriction of XML External Entity Reference
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-611: Improper Restriction of XML External Entity Reference |
| OWASP | A04:2017 - XML External Entities (XXE) |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code enables XML external entity (XXE) processing, which allows XML parsers to access external resources. This makes the application vulnerable to attackers who can inject malicious XML and access or manipulate files on the server.
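An added illustration, not part of the original rule page: the page names no language, so Python's standard `xml.sax` is assumed. It parses a constructed document with external general entities enabled and then disabled, using a hypothetical `RecordingResolver` that logs what the parser tries to resolve and returns an empty stub instead of touching files or the network.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges
from xml.sax.xmlreader import InputSource

# Constructed sample: declares one external general entity and references it.
# The system identifier is a placeholder, not a real path.
SAMPLE = (
    b'<!DOCTYPE r [<!ENTITY ext SYSTEM "constructed-placeholder.txt">]>'
    b"<r>a&ext;b</r>"
)


class RecordingResolver(EntityResolver):
    """Logs every external identifier the parser asks for; serves nothing."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        stub = InputSource(systemId)
        stub.setByteStream(io.BytesIO(b""))  # empty stand-in, no file or network I/O
        return stub


class TextCollector(ContentHandler):
    """Accumulates the character data of the parsed document."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_and_log(xml_bytes, external_entities):
    """Parse xml_bytes; return (document text, external identifiers requested)."""
    parser = xml.sax.make_parser()
    # In xml.sax this feature decides whether external general entities are
    # resolved: True is the risky configuration, False skips them.
    parser.setFeature(feature_external_ges, external_entities)
    resolver, collector = RecordingResolver(), TextCollector()
    parser.setEntityResolver(resolver)
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.chunks), resolver.requested
```

With the feature enabled, the returned list contains the identifier the parser asked for; with it disabled, the list stays empty while the inline text is still parsed.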
Impact
If exploited, attackers could read sensitive files, retrieve confidential data, or cause a denial of service by making the server process large or malicious XML payloads. This can lead to data breaches, system downtime, or unauthorized access to internal resources.