cwe-611
Safeguard articles tagged "cwe-611" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Finding and fixing XXE vulnerabilities across common XML parsers
XXE is tracked as CWE-611 and lives in OWASP's misconfiguration category — because most XML parsers ship unsafe by default.
What Is XXE (XML External Entity Injection)?
XXE abuses an XML parser's ability to load external entities to read local files, reach internal services, or knock a server offline. Here is how to stop it.
What is XML External Entity (XXE) Injection
XXE injection lets attackers abuse XML parsers to read files, trigger SSRF, or crash services. Here's how it works, real CVEs, and how to stop it.
XML External Entity (XXE) injection explained
XXE injection lets attackers abuse XML parsers to read files, hit cloud metadata via SSRF, or crash servers — here's how it works and how to stop it.
XXE Prevention in C++: Removing libxml2 XML_PARSE_NOENT
How the libxml2 XML_PARSE_NOENT flag enables XXE in C++ codebases, the real CVEs behind it, and the exact code changes needed to remove it safely.