Common Weakness Enumeration

CWE-611

Allowed

Improper Restriction of XML External Entity Reference

Abstraction: Base · Status: Draft

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1694 vulnerabilities reference this CWE, most recent first.

GHSA-5278-X3FC-5HX6

Vulnerability from github – Published: 2022-05-17 02:24 – Updated: 2022-05-17 02:24
VLAI
Details

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-5278-x3fc-5hx6",
  "modified": "2022-05-17T02:24:38Z",
  "published": "2022-05-17T02:24:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7458"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94483"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037328"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52PR-5RRW-JRW9

Vulnerability from github – Published: 2022-05-17 02:30 – Updated: 2022-05-17 02:30
VLAI
Details

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-17T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.",
  "id": "GHSA-52pr-5rrw-jrw9",
  "modified": "2022-05-17T02:30:17Z",
  "published": "2022-05-17T02:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3811"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96912"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52WR-3VWW-RMPQ

Vulnerability from github – Published: 2022-05-17 04:44 – Updated: 2023-08-16 23:29
VLAI
Summary
SOAPpy vulnerable to XML External Entity attacks
Details

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "SOAPpy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.12.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-3242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-16T23:29:45Z",
    "nvd_published_at": "2014-05-12T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-52wr-3vww-rmpq",
  "modified": "2023-08-16T23:29:45Z",
  "published": "2022-05-17T04:44:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3242"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kiorky/soappy"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20150501220613/http://www.pnigos.com/?p=260"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200229062311/http://www.securityfocus.com/bid/67216"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/May/20"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/05/06/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/05/06/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "SOAPpy vulnerable to XML External Entity attacks"
}

GHSA-534C-HCR7-67JG

Vulnerability from github – Published: 2024-09-17 18:36 – Updated: 2024-11-14 17:45
VLAI
Summary
Kimai has an XXE Leading to Local File Read
Details

Summary

Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability.

Details

Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The vulnerability is triggered by the following code snippet:

// https://github.com/kimai/kimai/blob/b1903ba18359be16dd32ea9c40377c486498f082/src/Invoice/Renderer/AbstractSpreadsheetRenderer.php#L41
public function render(InvoiceDocument $document, InvoiceModel $model): Response
{
    $spreadsheet = IOFactory::load($document->getFilename());
    $worksheet = $spreadsheet->getActiveSheet();
    $entries = $model->getCalculator()->getEntries();
    $sheetReplacer = $model->toArray();
    $invoiceItemCount = \count($entries);
    if ($invoiceItemCount > 1) {
        $this->addTemplateRows($worksheet, $invoiceItemCount);
    }
}

The IOFactory::load function utilizes simplexml_load_string, which has previously been demonstrated to be vulnerable to XXE attacks.

While this is not directly an XXE in Kimai, it does however impact the latest stable version.

PoC

By uploading a malicious XLSX template, the payload will be triggered every time an invoice is generated.

<?xml version="1.0" encoding='UTF-7' standalone="yes"?>
+ADw-!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "php://filter/......." > %xxe;]>.....

For a better a visibility, I will upload both a: - Malicious template sample for testing - An exported invoice, showing the contents of target file during the export.

Impact

Local File Read / RCE in edge cases where phar:// can be utilized with gadget chains .

export.xlsx sample_template.xlsx

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.20.1"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "kimai/kimai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1395",
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-17T18:36:50Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nKimai uses [PHPSpreadsheet](https://github.com/PHPOffice/PhpSpreadsheet) for importing and exporting invoices. Recently, a [CVE](https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-ghg6-32f9-2jp7) was identified in PHPSpreadsheet, which could lead to an XXE vulnerability.\n\n\n### Details\n\nExploitation requires an Administrator account, allowing the upload of an `XLSX` template containing the payload. The vulnerability is triggered by the following code snippet:\n\n```php\n// https://github.com/kimai/kimai/blob/b1903ba18359be16dd32ea9c40377c486498f082/src/Invoice/Renderer/AbstractSpreadsheetRenderer.php#L41\npublic function render(InvoiceDocument $document, InvoiceModel $model): Response\n{\n    $spreadsheet = IOFactory::load($document-\u003egetFilename());\n    $worksheet = $spreadsheet-\u003egetActiveSheet();\n    $entries = $model-\u003egetCalculator()-\u003egetEntries();\n    $sheetReplacer = $model-\u003etoArray();\n    $invoiceItemCount = \\count($entries);\n    if ($invoiceItemCount \u003e 1) {\n        $this-\u003eaddTemplateRows($worksheet, $invoiceItemCount);\n    }\n}\n```\n\nThe `IOFactory::load` function utilizes `simplexml_load_string`, which has previously been demonstrated to be vulnerable to XXE attacks.\n\nWhile this is not directly an XXE in Kimai, it does however impact the latest stable version.\n\n \n### PoC\n\nBy uploading a malicious `XLSX` template, the payload will be triggered every time an invoice is generated.\n\n```xml\n\u003c?xml version=\"1.0\" encoding=\u0027UTF-7\u0027 standalone=\"yes\"?\u003e\n+ADw-!DOCTYPE foo [ \u003c!ENTITY % xxe SYSTEM \"php://filter/.......\" \u003e %xxe;]\u003e.....\n```\n\nFor a better a visibility, I will upload both a:\n- Malicious template sample for testing \n- An exported invoice, showing the contents of target file during the export. \n\n### Impact\nLocal File Read / RCE in edge cases where `phar://` can be utilized with [gadget chains](https://github.com/ambionics/phpggc) . \n\n\n[export.xlsx](https://github.com/user-attachments/files/16803913/export.xlsx)\n[sample_template.xlsx](https://github.com/user-attachments/files/16803916/sample_template.xlsx)\n",
  "id": "GHSA-534c-hcr7-67jg",
  "modified": "2024-11-14T17:45:16Z",
  "published": "2024-09-17T18:36:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-ghg6-32f9-2jp7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kimai/kimai/security/advisories/GHSA-534c-hcr7-67jg"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kimai/kimai/commit/3204dcb03e1003dba90178667a4667ce3edb87b5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kimai/kimai"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Kimai has an XXE Leading to Local File Read"
}

GHSA-536H-WXCG-VP88

Vulnerability from github – Published: 2024-11-27 00:31 – Updated: 2024-11-27 00:31
VLAI
Details

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-91"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T22:15:17Z",
    "severity": "HIGH"
  },
  "details": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.",
  "id": "GHSA-536h-wxcg-vp88",
  "modified": "2024-11-27T00:31:41Z",
  "published": "2024-11-27T00:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11622"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04731en_us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-53CF-9PQV-XJXX

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-21T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.",
  "id": "GHSA-53cf-9pqv-xjxx",
  "modified": "2022-05-13T01:31:24Z",
  "published": "2022-05-13T01:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1698"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-iot-fnd-xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107093"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54HV-P86J-4879

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-23 15:32
VLAI
Details

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T16:16:44Z",
    "severity": "HIGH"
  },
  "details": "CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.",
  "id": "GHSA-54hv-p86j-4879",
  "modified": "2026-06-23T15:32:30Z",
  "published": "2026-06-09T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8045"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-160-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-558X-9FXP-VFQF

Vulnerability from github – Published: 2022-04-03 00:01 – Updated: 2022-04-13 00:00
VLAI
Details

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-01T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.",
  "id": "GHSA-558x-9fxp-vfqf",
  "modified": "2022-04-13T00:00:50Z",
  "published": "2022-04-03T00:01:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1018"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55GJ-HCPF-VG3H

Vulnerability from github – Published: 2024-06-20 15:31 – Updated: 2025-11-04 18:31
VLAI
Details

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML files, it resolves external XML entities, resulting in a XML external entity injection attack. An attacker with privileges to scan source code within the "Code Security" module is able to extract any files of the operating system with the rights of the application server user and is potentially able to gain sensitive files, such as configuration and passwords. Furthermore, this vulnerability also allows an attacker to initiate connections to internal systems, e.g. for port scans or accessing other internal functions / applications such as the Wildfly admin console of Kiuwan.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T13:15:49Z",
    "severity": "HIGH"
  },
  "details": "When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web \napplication (either on-premises or cloud/SaaS solution), the transmitted data \nconsists of a ZIP archive containing several files, some of them in the \nXML file format. During Kiuwan\u0027s server-side processing of these XML \nfiles, it resolves external XML entities, resulting in a XML external \nentity injection attack.\u00a0An attacker with privileges to scan \nsource code within the \"Code Security\" module is able to extract any \nfiles of the operating system with the rights of the application server \nuser and is potentially able to gain sensitive files, such as \nconfiguration and passwords. Furthermore, this vulnerability also allows\n an attacker to initiate connections to internal systems, e.g. for port \nscans or accessing other internal functions / applications such as the \nWildfly admin console of Kiuwan.\n\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371",
  "id": "GHSA-55gj-hcpf-vg3h",
  "modified": "2025-11-04T18:31:01Z",
  "published": "2024-06-20T15:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49110"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/kiuwan"
    },
    {
      "type": "WEB",
      "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jun/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55PH-9W63-R34W

Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03
VLAI
Details

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-01T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.",
  "id": "GHSA-55ph-9w63-r34w",
  "modified": "2022-05-14T02:03:04Z",
  "published": "2022-05-14T02:03:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16303"
    },
    {
      "type": "WEB",
      "url": "https://forum.tracker-software.com/viewtopic.php?f=62\u0026t=31419"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration

Many XML parsers and validators can be configured to disable external entity expansion.

CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.