9 matches found
GHSA-4VF2-QFG3-7598 symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
GHSA-Q2GC-GG3X-7942 Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
Symfony XXE security vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
GHSA-C636-CG5R-2498 Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
GHSA-Q386-W6FG-GMGP XML External Entity (XXE) vulnerability in the XML data handler
TL;DR: This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the affected methods. If you use an affected method and cannot rule out XML input controlled by an...
XML External Entity (XXE) vulnerability in the XML data handler
TL;DR: This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the affected methods. If you use an affected method and cannot rule out XML input controlled by an...
Kirby security vulnerability
Kirby is a file-based content management system (CMS). A security vulnerability exists in Kirby versions 3.5.8.2 and earlier, 3.6.0 through 3.6.6.2, 3.7.0 through 3.7.5.1, 3.8.0 through 3.8.4, and 3.9.0 through 3.9.5 due to the use of PHP's LIBXML_NOENT constant, which allows XML external entities t...
Security Release: Symfony 2.0.17 released
Symfony 2.0.17 has just been released. This release contains several security fixes related to the way XML is handled, and as such, we recommend everyone to upgrade. These issues have been reported by Pádraic Brady from the Zend Framework team; I would like to thank him for the very detailed repo...