Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/user/application_security/dast/checks/611.1.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/application_security/dast/checks/611.1.md')
-rw-r--r--doc/user/application_security/dast/checks/611.1.md31
1 files changed, 31 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/checks/611.1.md b/doc/user/application_security/dast/checks/611.1.md
new file mode 100644
index 00000000000..49ef449f8b0
--- /dev/null
+++ b/doc/user/application_security/dast/checks/611.1.md
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# External XML Entity Injection (XXE)
+
+## Description
+
+It is possible to cause the application's XML parser to include external resources.
+This can include files or in some circumstances initiate requests to third party
+servers.
+
+## Remediation
+
+Consult the documentation for the XML Parser used by the target application for security
+guidelines and hardening steps. It is recommended that all XML parsers disable external
+entity resolution and XML `xinclude` features. Most XML parsers based on `libxml` can also be
+configured to disable network access.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 611.1 | false | 611 | Active | high |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing)
+- [CWE](https://cwe.mitre.org/data/definitions/611.html)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 11:43:29 +0300