jvlstuff / JavaVulnerableLab

lab
GNU General Public License v2.0

CX Improper_Restriction_of_XXE_Ref @ src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java [refs/heads/master] #196

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Improper_Restriction_of_XXE_Ref issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java in branch refs/heads/master

The processRequest loads and parses XML using parse, at line 48 of src\main\java\org\cysecurity\cspf\jvl\controller\xxe.java. This XML was received earlier from user input, getInputStream, at line 44 of src\main\java\org\cysecurity\cspf\jvl\controller\xxe.java. Note that parse is set to automatically load and replace any DTD entity references in the XML, including references to external files.

Severity: Medium

CWE:611

Vulnerability details and guidance: Checkmarx, Training, Recommended Fix

Lines: 44

Code (Line #44):

          InputStream xml=request.getInputStream();

github-actions[bot] commented 2 years ago

Issue still exists.