JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection

2013-08-21T00:00:00
ID JVN:24713981
Type jvn
Reporter Japan Vulnerability Notes
Modified 2013-08-21T00:00:00

Description

## Description

The PHP OpenID Library contains an XML external entity injection vulnerability.

## Impact

When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively.

## Solution

Apply a Patch
The source code in the repository has been fixed. Please apply the fixed code according to the code committed by the developer.

## Products Affected

  • PHP OpenID Library versions 2.2.2 and earlier