GitHub Advisory Database: GHSA-2JX7-XG83-J2M7
Jun 07, 2024 - 9:39 p.m.

Zendframework Denial of Service vector via XEE injection

2024-06-07 21:39:23
CWE-776
Source: github.com
Tags: zendframework, xee injection, denial of service, xml entity expansion

AI Score: 7 High (Confidence: High)

Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc are vulnerable to XML Entity Expansion (XEE) vectors, which can lead to Denial of Service. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; expanding them consumes CPU and memory, making Denial of Service exploits trivial to implement.
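A pre-parse guard for the condition described above, as an added example that is not part of the advisory and is not Zend Framework's fix: it measures how large each declared entity would become without ever expanding it, and flags circular references. The function name `audit_entities`, its limits, and the sample documents are assumptions made for illustration; it covers internal general entities only, not parameter or external entities.

```python
import re

# Internal general entity declarations: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.-]+);')

class CircularEntity(Exception):
    pass

def audit_entities(xml_text, max_expanded=100_000, max_decls=200):
    """Classify a document as 'ok', 'circular', 'too_large' or 'too_many'
    by measuring entity expansion arithmetically, never by expanding."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)      # XML: the first declaration wins
    if len(decls) > max_decls:             # also bounds recursion depth below
        return ('too_many', len(decls))
    sizes, visiting = {}, set()            # memo table and current call path

    def expanded_len(name):
        if name in sizes:
            return sizes[name]
        if name in visiting:               # reference back into the call path
            raise CircularEntity(name)
        visiting.add(name)
        value = decls[name]
        total = len(ENTITY_REF.sub('', value))   # literal characters
        for ref in ENTITY_REF.findall(value):    # plus each nested entity
            if ref in decls:
                total += expanded_len(ref)
        visiting.discard(name)
        sizes[name] = total
        return total

    try:
        worst = max((expanded_len(n) for n in decls), default=0)
    except CircularEntity as exc:
        return ('circular', str(exc))
    return ('too_large', worst) if worst > max_expanded else ('ok', worst)

# Constructed sample documents (not taken from the advisory).
BENIGN = '<!DOCTYPE d [<!ENTITY co "Example Corp">]><d>&co;</d>'
NESTED = ('<!DOCTYPE d [<!ENTITY a "xxxxxxxxxx">'
          '<!ENTITY b "' + '&a;' * 10 + '"><!ENTITY c "' + '&b;' * 10 + '">'
          '<!ENTITY d "' + '&c;' * 10 + '">]><d>&d;</d>')
CIRCULAR = '<!DOCTYPE d [<!ENTITY a "&b;"><!ENTITY b "&a;">]><d>&a;</d>'
```

Because sizes are memoized, the check runs in time proportional to the size of the declarations, however large the expansion they describe.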

Affected configurations

Vulners node: zendframework / zendframework1, range < 1.11.13

CPE name                      Operator  Version
zendframework/zendframework1  lt        1.11.13