PT-2024-40262 · Symfony +2 · Symfony +2

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to the latest version Description: The issue concerns XML Entity Expansion XEE attacks, which can lead to Denial Of Service attacks against a host's RAM. This is due to the lack of a method to disable custom entities in...

UBUNTU-CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...