3 matches found
CVE-2019-5442
XML Entity Expansion Billion Laughs Attack on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will...
com.gitblit.fathom:fathom-integration-test (>=0.6.0 <=1.0.1), ro.pippo:pippo-demo-ajax (>=0.6.0 <=0.6.1) +15 more potentially affected by CVE-2019-5442 via ro.pippo:pippo-jaxb (>=0.6.0 <=1.0.0)
ro.pippo:pippo-jaxb MAVEN version =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.1 and more Source cves: CVE-2019-5442 Source advisory: OSV:GHSA-HWCX-9P4J-7HWJ...
CVE-2019-5442
CVE-2019-5442 describes an XML Entity Expansion (Billion Laughs) vulnerability in Pippo 1.12.0 where untrusted XML parsing can trigger recursive entities via a DTD, causing DoS through excessive heap memory consumption and potential JVM memory exhaustion. Connected records confirm Pippo 1.12.0 as...