Details
Bug
Status: Closed
Major
Resolution: Invalid
2.8.0
None
AbstractDOMParser - Line 108.
Description
Veracode flaw:
By explicitly disabling XML validation, the application is making an assumption that the data provided will conform to the expected format. This can be dangerous if the parser does not properly handle malformed data.
Recommendations:
Validate all XML data against a DTD schema to prevent an attacker from providing malicious or otherwise unexpected input.
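
How an application using the parser can turn on the DTD validation the recommendation asks for, through the standard JAXP API. This is an added example, not code from the report or from Xerces; the class name, the DTD, the `order.dtd` system id and the sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.*;

public class DtdValidationExample {
    // Constructed DTD, held by the application rather than fetched from the input.
    static final String TRUSTED_DTD = "<!ELEMENT order (item+)>"
        + "<!ELEMENT item (#PCDATA)><!ATTLIST item qty CDATA #REQUIRED>";

    static Document parseValidated(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setValidating(true); // DTD validation is off by default in JAXP
        DocumentBuilder b = f.newDocumentBuilder();
        // Serve the trusted DTD for the one expected system id; refuse any other entity.
        b.setEntityResolver((publicId, systemId) -> {
            if (systemId != null && systemId.endsWith("order.dtd")) {
                return new InputSource(new StringReader(TRUSTED_DTD));
            }
            throw new SAXException("unexpected external entity: " + systemId);
        });
        // Validity errors are recoverable by default, so they must be made to fail the parse.
        b.setErrorHandler(new ErrorHandler() {
            public void warning(SAXParseException e) { }
            public void error(SAXParseException e) throws SAXException { throw e; }
            public void fatalError(SAXParseException e) throws SAXException { throw e; }
        });
        return b.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) {
        String doctype = "<!DOCTYPE order SYSTEM \"order.dtd\">";
        String[] docs = {
            doctype + "<order><item qty=\"2\">widget</item></order>", // valid
            doctype + "<order><item>widget</item></order>",            // qty missing
            "<order><item qty=\"2\">widget</item></order>"             // no DOCTYPE
        };
        for (String xml : docs) {
            try {
                parseValidated(xml);
                System.out.println("accepted");
            } catch (Exception e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because a document can declare its own grammar in an internal DTD subset, input from an untrusted source is better checked against a schema the application selects.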