12 matches found
CVE-2026-12993
Affected software: Apicurio Registry. Vulnerability: DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, allowing an attacker with artifact-write permission to upload XML documents containing internal entity-expansion payloads (billion-laughs) that c...
📄 fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions DTD, specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
RHEL 8 : expat (RHSA-2025:22842)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22842 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: internal entity expansion CVE-2013-0340 expat: integer overflow in t...
RHEL 9 : expat (RHSA-2025:22035)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22035 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: internal entity expansion CVE-2013-0340 expat: parsing large tokens...
SUSE CVE-2013-0338
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
DEBIAN-CVE-2013-0338
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...
bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
libxml2: CPU consumption DoS when performing string substitutions during entities expansion
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...