SYM_JAVA_0084 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Restriction of XML External Entity Reference
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-611: Improper Restriction of XML External Entity Reference |
| OWASP | A04:2017 - XML External Entities (XXE) |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Passing untrusted data to java.beans.XMLDecoder is unsafe because XMLDecoder does not merely parse XML: it interprets the document (the java.beans long-term persistence format) as a script of object constructions and method calls. Any public class on the classpath can be instantiated and any public method invoked, and the class offers no filter or allow-list to restrict this. Unlike an XXE bug, the danger does not come from entity expansion but from the decoder executing whatever the document tells it to, so an attacker who controls the input controls code execution. The only safe use of XMLDecoder is on data the application itself produced; user-provided XML should be read with a hardened general-purpose parser and mapped onto fixed application types.
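The following is an added example, not code from the Symbiotic Vulnerability Database or from any project it describes. It shows the vulnerable pattern (feeding request bytes to XMLDecoder) next to a constructed payload in XMLDecoder's own format that instantiates java.lang.ProcessBuilder and calls start(), and then a hardened replacement that reads the same kind of input with a DocumentBuilder configured to refuse DTDs and external entities and copies out only an expected field. The `<profile>`/`<name>` document shape, the class and method names, and the `id` command in the payload are assumptions for illustration.

```java
import java.beans.XMLDecoder;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class XmlDecoderExample {

    // Constructed payload in the java.beans persistence format that XMLDecoder reads.
    // <object> constructs a class (children before <void method> are constructor
    // arguments), <void method="..."> invokes a method on it. This one builds
    // new ProcessBuilder(new String[]{"id"}) and calls start(), i.e. runs a command.
    static final String MALICIOUS = String.join("\n",
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
        "<java version=\"1.8.0\" class=\"java.beans.XMLDecoder\">",
        "  <object class=\"java.lang.ProcessBuilder\">",
        "    <array class=\"java.lang.String\" length=\"1\">",
        "      <void index=\"0\"><string>id</string></void>",
        "    </array>",
        "    <void method=\"start\"/>",
        "  </object>",
        "</java>");

    // Vulnerable: XMLDecoder will instantiate any public class and call any public
    // method named in the document. There is no API to restrict which classes it may touch,
    // so this must never see attacker-controlled bytes.
    static Object vulnerableDecode(byte[] untrusted) {
        try (XMLDecoder decoder = new XMLDecoder(new ByteArrayInputStream(untrusted))) {
            return decoder.readObject();
        }
    }

    // Constructed benign input in an assumed application data format (not a real schema).
    static final String DATA =
        "<?xml version=\"1.0\"?><profile><name>alice</name></profile>";

    // Hardened: parse as plain XML with DTDs and external entities disabled (the CWE-611
    // hardening), check the document shape, and map only the expected field onto a String.
    // No class named in the input is ever instantiated.
    static String safeReadName(byte[] untrusted) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);

        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(new ByteArrayInputStream(untrusted));

        if (!"profile".equals(doc.getDocumentElement().getTagName())) {
            throw new IllegalArgumentException("unexpected root element");
        }
        NodeList names = doc.getElementsByTagName("name");
        if (names.getLength() != 1) {
            throw new IllegalArgumentException("expected exactly one <name>");
        }
        return names.item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(safeReadName(DATA.getBytes(StandardCharsets.UTF_8)));

        // The same bytes fed to vulnerableDecode would be parsed without complaint and
        // return whatever object the document describes. With MALICIOUS it would run "id";
        // only call it in a sandbox:
        // vulnerableDecode(MALICIOUS.getBytes(StandardCharsets.UTF_8));
    }
}
```

The hardened path is deliberately a DOM parse plus explicit field extraction rather than a "safer decoder": XMLDecoder has no allow-list to configure, so the fix is to stop using it for external input. If the application needs object binding, bind the DOM (or a JAXB/Jackson mapping) onto fixed application classes; the input must never choose the class.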
Impact
If exploited, an attacker can execute arbitrary code on the server with the privileges of the JVM process that called XMLDecoder, which can lead to full system compromise, theft of data the application can reach, and a foothold for further attacks on the surrounding infrastructure. The result can be data breaches, service disruption, and significant harm to the organization.