CWE-827

• CWE ID
• 827

• CWE Name
• Improper Control of Document Type Definition

• CWE Abstraction
• Variant

• CWE structure
• Simple

• CWE Status
• Incomplete

The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or ex