HavenDV / fluorinefx

fluorinefx with latest .NET support
GNU Lesser General Public License v2.1

SSRF #2

Open HavenDV opened 1 year ago

HavenDV commented 1 year ago

XmlDocument load is vulnerable to XXE attacks (XML external entity injection).

It can allow someone to perform SSRF attacks and read local files by sending an AMF request with XML data.

Here is some more info that may help: https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca3075
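An added example, not part of the original issue and not fluorinefx code: one way to load untrusted XML into an `XmlDocument` in line with the CA3075 guidance linked above, with DTD processing prohibited and no resolver set. The `SafeXml.Load` helper and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

public static class SafeXml
{
    // Hypothetical helper (not from fluorinefx): parse untrusted XML with DTDs
    // rejected and no resolver, so external entities are never fetched.
    public static XmlDocument Load(string untrustedXml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE ...> throws XmlException
            XmlResolver = null                      // no file or HTTP resolution by the reader
        };
        // Set explicitly rather than relying on the framework default.
        var doc = new XmlDocument { XmlResolver = null };
        using (var text = new StringReader(untrustedXml))
        using (var reader = XmlReader.Create(text, settings))
        {
            doc.Load(reader);
        }
        return doc;
    }

    public static void Main()
    {
        // Constructed inputs. The entity URL uses the reserved .invalid TLD
        // and is never requested because the DTD is rejected first.
        string plain = "<msg><body>hello</body></msg>";
        string withDtd =
            "<!DOCTYPE msg [<!ENTITY ext SYSTEM \"http://placeholder.invalid/\">]>" +
            "<msg><body>&ext;</body></msg>";

        Console.WriteLine(Load(plain).DocumentElement.Name);
        try
        {
            Load(withDtd);
            Console.WriteLine("DTD accepted (unexpected)");
        }
        catch (XmlException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```

Treating the `XmlException` as a malformed request and logging it gives a detection signal for XML bodies that carry a DOCTYPE.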

HavenDV commented 1 month ago

I don't remember exactly; I think not.