Lucene search

4 matches found

OSV
added 2024/05/30 1:2 p.m., 10 views

GHSA-F75P-X5VM-83QP symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion XEE attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 4
OSV
added 2024/05/30 12:49 a.m., 9 views

GHSA-RJPM-QMQ7-Q85W Symfony XXE security vulnerability

Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion XEE attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 4
Packet Storm
added 2015/08/13 12:0 a.m., 98 views

Zend Framework 2.4.2 / 1.12.13 XXE Injection

Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161. I. VULNERABILITY: Zend Framework. From http://framework.zend.com/about/ website:...

CVSS 6.8, EPSS 0.39093
Exploits: 7
Symfony
added 2012/08/28 12:0 a.m., 14 views

Security Release: Symfony 2.0.17 released

Symfony 2.0.17 has just been released. This release contains several security fixes related to the way XML is handled, and as such, we recommend everyone to upgrade. These issues have been reported by Pádraic Brady from the Zend Framework team; I would like to thank him for the very detailed repo...

AI score 7.2
Exploits: 0