Checkmarx (SAST): Improper_Restriction_of_XXE_Ref
Security Issue: Read More about Improper_Restriction_of_XXE_Ref
Checkmarx Project: Nova-8/Damm-Vulnerable-CSharp-API
Repository URL: https://github.com/Nova-8/Damm-Vulnerable-CSharp-API
Branch: master
Scan ID: 2f22541b-da6c-459f-9285-99da61e0ed7d
The Post loads and parses XML using Load, at line 29 of /Controllers/ImportsController.cs.
This XML was received earlier from user input, Body, at line 29 of /Controllers/ImportsController.cs. Note that Load is set to automatically load and replace any DTD entity references in the XML, including references to external files.
Result 1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. Body: /Controllers/ImportsController.cs[29,47]
2. Load: /Controllers/ImportsController.cs[29,22]
Review result in Checkmarx One: Improper_Restriction_of_XXE_Ref