XML injection (aka Blind XPath injection)
| ID | scala.xml.scala_xml_rule_xslttransform |
| Severity | low |
| Resource | Xml |
| Language | Scala |
Description
It is possible to attach malicious behavior to XSLT style sheets. Therefore, if an attacker can control the content or the source of the style sheet, they might be able to trigger remote code execution.
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
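The following is an added example, not part of the rule's own documentation: it contrasts the pattern this rule is concerned with (a style sheet whose source is caller-controlled) with a hardened transform using the standard JAXP API. The object name `SafeXslt`, its method names and the sample style sheet are constructed for illustration, and the code assumes the JDK's built-in XSLT implementation.

```scala
import java.io.{StringReader, StringWriter}
import javax.xml.XMLConstants
import javax.xml.transform.{Transformer, TransformerFactory}
import javax.xml.transform.stream.{StreamResult, StreamSource}

object SafeXslt { // hypothetical name, for illustration only
  // Constructed sample style sheet, standing in for one shipped with the application.
  val trustedXslt: String =
    """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      |  <xsl:output method="text"/>
      |  <xsl:template match="/order">Order <xsl:value-of select="@id"/></xsl:template>
      |</xsl:stylesheet>""".stripMargin

  // Pattern to avoid: the style sheet location is caller-controlled and the
  // factory runs with default settings (extension functions and external access allowed).
  def transformUnsafe(userSuppliedXsltLocation: String, xml: String): String =
    run(TransformerFactory.newInstance().newTransformer(new StreamSource(userSuppliedXsltLocation)), xml)

  // Hardened factory: secure processing disables extension functions in the JDK
  // implementation; the two attributes (JAXP 1.5) block external DTDs and
  // external style sheets pulled in via xsl:import, xsl:include or document().
  // Other XSLT implementations may reject these attributes with IllegalArgumentException.
  def hardenedFactory(): TransformerFactory = {
    val f = TransformerFactory.newInstance()
    f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
    f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "")
    f.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "")
    f
  }

  // Safe form: only the XML input varies; the style sheet is a fixed, trusted resource.
  def transformSafe(xml: String): String =
    run(hardenedFactory().newTransformer(new StreamSource(new StringReader(trustedXslt))), xml)

  private def run(t: Transformer, xml: String): String = {
    val out = new StringWriter()
    t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out))
    out.toString
  }

  def main(args: Array[String]): Unit =
    println(transformSafe("""<order id="42"/>""")) // constructed sample input
}
```

If the application must choose between several style sheets at run time, map the request value to an allowlisted set of bundled resources instead of passing it to `StreamSource`.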
References
- OWASP Top 10 2021 - A05 : Security Misconfiguration.