Open pali opened 4 years ago
XML::LibXML may be instructed to download some parts of XML even when expand_entities and load_ext_dtd are disabled as happened in https://github.com/shlomif/perl-XML-LibXML/pull/39
expand_entities
load_ext_dtd
So network access which is enabled by default is still a security problem even after avoiding XXE.
Moreover https network access is not supported. Only http which is another security issue in network access.
XML::LibXML may be instructed to download some parts of XML even when
expand_entitiesandload_ext_dtdare disabled as happened in https://github.com/shlomif/perl-XML-LibXML/pull/39So network access which is enabled by default is still a security problem even after avoiding XXE.
Moreover https network access is not supported. Only http which is another security issue in network access.