SYM_CLJ_0005 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Restriction of XML External Entity Reference

| Property | Value |
|---|---|
| Language | clojure |
| Severity | high |
| CWE | CWE-611: Improper Restriction of XML External Entity Reference |
| OWASP | A04:2017 - XML External Entities (XXE) |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Low |

Description

The code hands XML input to a parser without disabling external entity references or DOCTYPE declarations. An attacker who controls that input can therefore inject malicious XML that the parser will process, exposing the application to the risks described below.

Impact

If exploited, attackers could read sensitive files, access internal network resources, or trigger denial of service by supplying crafted XML input. This could result in data breaches or compromise of the application and its environment.
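As an added example (not code from the Symbiotic database entry), the snippet below shows the mitigation for this pattern in Clojure: `clojure.xml/parse` uses a default SAX parser that still honours DOCTYPE declarations and external entities, so a custom `startparser` is supplied that switches those features off, and DOCTYPE-bearing input is rejected rather than parsed. The function names, the `xxe-example` namespace and the two sample documents are constructed for this illustration.

```clojure
(ns xxe-example
  (:require [clojure.xml :as xml])
  (:import [javax.xml.parsers SAXParserFactory]
           [java.io ByteArrayInputStream]
           [org.xml.sax SAXParseException]))

(defn hardened-startparser
  "Drop-in replacement for clojure.xml's default startparser. The feature
  flags below are the standard Xerces/JAXP ones; disallow-doctype-decl alone
  blocks every entity declaration, the rest guard against it being re-enabled."
  [input-stream content-handler]
  (let [factory (doto (SAXParserFactory/newInstance)
                  (.setFeature "http://apache.org/xml/features/disallow-doctype-decl" true)
                  (.setFeature "http://xml.org/sax/features/external-general-entities" false)
                  (.setFeature "http://xml.org/sax/features/external-parameter-entities" false)
                  (.setFeature "http://apache.org/xml/features/nonvalidating/load-external-dtd" false)
                  (.setXIncludeAware false))]
    (.parse (.newSAXParser factory) input-stream content-handler)))

(defn parse-untrusted
  "Parse XML bytes with entity processing disabled. Returns the clojure.xml
  tree, or ::rejected when the parser refuses the document (e.g. it carries a
  DOCTYPE). Never fall back to the default parser on rejection."
  [^bytes xml-bytes]
  (try
    (xml/parse (ByteArrayInputStream. xml-bytes) hardened-startparser)
    (catch SAXParseException e
      (println "rejected XML input:" (.getMessage e))
      ::rejected)))

;; Constructed sample inputs: a plain document and one carrying an (internal,
;; harmless) DOCTYPE, which the hardened parser must refuse outright.
(def plain-doc
  (.getBytes "<order><id>42</id></order>" "UTF-8"))

(def doctype-doc
  (.getBytes "<!DOCTYPE order [<!ENTITY x \"y\">]><order>&x;</order>" "UTF-8"))

(defn -main [& _]
  (println "plain document:"   (parse-untrusted plain-doc))
  (println "doctype document:" (parse-untrusted doctype-doc)))
```

The same four feature flags apply to `DocumentBuilderFactory` and the StAX `XMLInputFactory` if the code base parses XML through those instead of `clojure.xml`.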