Lucene search
GitHub Advisory DatabaseGHSA-G43W-98WP-M694HistoryMay 23, 2024 - 2:49 p.m.
SilverStripe framework XML Quadratic Blowup Attack
2024-05-2314:49:39
CWE-400
CWE-776
GitHub Advisory Database
github.com
3
silverstripe
quadratic blowup attack
vulnerability
xml
performance
exploit
7 High
AI Score
Confidence
Low
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site.
See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.
Affected configurations
Node
silverstripeframeworkRange≤3.1.11
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe/framework | le | 3.1.11 |
References
github.com/advisories/GHSA-g43w-98wp-m694
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml
github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8
www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack
7 High
AI Score
Confidence
Low