We're updating the issue view to help you get more done.

Learn more or See the old view

/

/

Copy link to issue

summary

Mitigate XXE attacks

Description

Not properly configured XML parsers are potentially vulnerable to XXE attacks. Adding these settings should prevent most of this attacks.
https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
Solution:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader

Found with SonarQube

Environment

Environment

None

Acceptance Test - Entry

Acceptance Test - Entry

None

Fixed

Assignee

Assignee

Paweł Ścibiorski

Reporter

Reporter

Paweł Ścibiorski

Labels

Labels

security-vulnerabitliy

Expected Effort

Expected Effort

None

Ignite Forum URL

Ignite Forum URL

None

Fix versions

Fix versions

Priority

Priority

Major

Configure