SYM_CLJ_0005 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Restriction of XML External Entity Reference
Property | Value |
---|---|
Language | clojure |
Severity | |
CWE | CWE-611: Improper Restriction of XML External Entity Reference |
OWASP | A04:2017 - XML External Entities (XXE) |
Confidence Level | High |
Impact Level | High |
Likelihood Level | Low |
Description
The code lets an XML parser process DOCTYPE declarations and external entity references instead of disabling them. An attacker who controls the XML input can therefore declare entities that the application's parser will resolve, exposing it to the risks described under Impact.
Impact
If exploited, attackers could read sensitive files, access internal network resources, or trigger denial of service by supplying crafted XML input. This could result in data breaches or compromise of the application and its environment.
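An added Clojure example, not part of this database entry: the default `clojure.xml/parse` call, which relies on whatever DTD handling the JDK's SAXParserFactory ships with, beside a call that passes a hardened `startparse` function rejecting DOCTYPE and external entities. The namespace, function names and the input string are constructed for this illustration; the entity in the sample points at a placeholder path.

```clojure
;; Added example (not from the database entry): vulnerable vs. hardened
;; configuration of the SAX parser behind clojure.xml/parse.
(ns xxe-example
  (:require [clojure.xml :as xml])
  (:import [javax.xml.parsers SAXParserFactory]
           [java.io ByteArrayInputStream]))

;; Constructed input: a DOCTYPE declaring an external entity. A parser that
;; resolves external entities would open the referenced URI and splice its
;; contents into the document the application then processes.
(def ^:private untrusted-xml
  (str "<?xml version=\"1.0\"?>"
       "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER/path\">]>"
       "<doc>&ext;</doc>"))

(defn- input-stream [^String s]
  (ByteArrayInputStream. (.getBytes s "UTF-8")))

;; Vulnerable form: no startparse argument, so clojure.xml builds the parser
;; from SAXParserFactory/newInstance with DTD processing left at JDK defaults.
(defn parse-unsafe [^String s]
  (xml/parse (input-stream s)))

;; Hardened startparse (clojure.xml/parse calls it with the source and its
;; DefaultHandler): refuse DOCTYPE outright and, as defence in depth, disable
;; external general/parameter entities, external DTD loading and XInclude.
(defn- startparse-hardened [s ch]
  (let [factory (doto (SAXParserFactory/newInstance)
                  (.setFeature "http://apache.org/xml/features/disallow-doctype-decl" true)
                  (.setFeature "http://xml.org/sax/features/external-general-entities" false)
                  (.setFeature "http://xml.org/sax/features/external-parameter-entities" false)
                  (.setFeature "http://apache.org/xml/features/nonvalidating/load-external-dtd" false)
                  (.setXIncludeAware false))]
    (.. factory newSAXParser (parse s ch))))

(defn parse-safe [^String s]
  (xml/parse (input-stream s) startparse-hardened))

(comment
  ;; The hardened parser throws SAXParseException on the DOCTYPE line rather
  ;; than resolving the entity; catching it here shows the rejection message.
  (try (parse-safe untrusted-xml)
       (catch org.xml.sax.SAXParseException e (.getMessage e))))
```

Detecting this in code review means looking for `clojure.xml/parse` called without a `startparse` argument, or any `SAXParserFactory`/`XMLInputFactory` built without the features above.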