CWE-827
Improper Control of Document Type Definition
The product does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the product to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker.
Official CWE-827 definition at MITREImpactr finds and proves weaknesses like CWE-827 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist