Unsanitized user input in XML External Entity
Last updated
Rule ID: java_lang_xml_external_entity_vulnerability
Applicable Languages: Java
Weakness ID: CWE-611
Avoid parsing untrusted data, such as user input, as XML. Such data may include URIs that resolve to resources outside the current context, leading to XML External Entity (XXE) injection. XXE injection occurs when XML input with references to external entities is processed without proper sanitization, potentially allowing attackers to access internal files, cause denial of service, or execute remote code.
Do not parse XML input with external entity processing enabled. This prevents attackers from exploiting XXE vulnerabilities.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our