Safeguard
Tag

xxe

Safeguard articles tagged "xxe" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Open Source Security

The Java ecosystem's recurring vulnerability classes: deserialization, XXE, and JNDI injection

Log4Shell scored a 10.0 CVSS and Spring4Shell followed five months later — both traced back to two patterns Java has repeated for a decade.

Jul 14, 20266 min read
Application Security

Finding and fixing XXE vulnerabilities across common XML parsers

XXE is tracked as CWE-611 and lives in OWASP's misconfiguration category — because most XML parsers ship unsafe by default.

Jul 13, 20267 min read
Security Guides

OWASP A05: Security Misconfiguration — A Deep-Dive Guide

Security Misconfiguration ranks #5 in the OWASP Top 10 (2021) and absorbed XXE. A deep dive into defaults, exposed services, real CVEs, and how to fix them.

Jul 3, 20266 min read
Vulnerability Guides

What Is XXE (XML External Entity Injection)?

XXE abuses an XML parser's ability to load external entities to read local files, reach internal services, or knock a server offline. Here is how to stop it.

Jul 1, 20265 min read
Application Security

XML Parsing Security: XXE, Billion Laughs, and Beyond

XML's feature richness is its security weakness. XXE, entity expansion, and XSLT injection continue to plague applications that process XML.

Jan 12, 20264 min read
Vulnerability Analysis

Apache Solr XXE remote code execution (CVE-2017-12629)

CVE-2017-12629 chains XXE and Solr's RunExecutableListener into unauthenticated RCE. Affected versions, timeline, and concrete remediation steps.

Dec 22, 20257 min read
Vulnerabilities

XXE Attack Walkthroughs: What a Good Demo Actually Shows

Most XXE video walkthroughs stop at proof-of-concept file reads — here's what a genuinely useful one covers, plus the Java fix that actually closes the hole.

Mar 18, 20255 min read
Code Security

XML External Entity (XXE) Prevention: Disabling the Features That Attack You

XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.

Feb 18, 20245 min read
xxe — Safeguard Blog