Info Call to XML parsing API


Improper XML parsing can introduce several vulnerabilities that could lead to arbitrary file access (XML External Entity injection, XML injection) or denial of service (billion laughs, quadratic blowup).


This entry is informative, no recommendations applicable.

Technical details

Method androidx.appcompat.widget.ActivityChooserModel$PersistHistoryAsyncTask.doInBackground() calling method android.util.Xml.newSerializer()

Couldn't retrieve source code

Method org.androidannotations.api.sharedpreferences.SetXmlSerializer.serialize() calling method android.util.Xml.newSerializer()

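    public static String serialize(java.util.Set p5)
    {
        if (p5 == null) {
            p5 = java.util.Collections.emptySet();
        }
        // Type elided in the decompiler output ("new;"); java.io.StringWriter is assumed.
        java.io.StringWriter v0_1 = new java.io.StringWriter();
        org.xmlpull.v1.XmlSerializer v1 = android.util.Xml.newSerializer();
        try {
            // Assumed: the serializer must be bound to the writer before any tag is emitted.
            v1.setOutput(v0_1);
            v1.startTag("", "AA_set");
            java.util.Iterator v5_1 = p5.iterator();
            while (v5_1.hasNext()) {
                // Each set member is written as escaped text inside its own AA_string element.
                v1.startTag("", "AA_string").text(((String) v5_1.next())).endTag("", "AA_string");
            }
            v1.endTag("", "AA_set").endDocument();
        } catch (IllegalArgumentException | IllegalStateException | java.io.IOException e) {
            // The decompiler output lists only IllegalArgumentException; the XmlSerializer
            // calls also declare IllegalStateException and IOException.
        }
        return v0_1.toString();
    }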