4 matches found

Veracode
added 2024/05/31 6:39 a.m., 9 views

XML Entity Expansion

symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink...

AI score: 7
Exploits: 0
Github Security Blog
added 2024/05/30 1:2 p.m., 10 views

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion XEE attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...

AI score: 7.2
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/05/30 12:49 a.m., 9 views

GHSA-RJPM-QMQ7-Q85W Symfony XXE security vulnerability

Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion XEE attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...

CVSS: 7.5, AI score: 7.2
Exploits: 0, References: 4
OSV
added 2024/05/29 7:59 p.m., 7 views

GHSA-C636-CG5R-2498 Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion XEE attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...

CVSS: 7.5, AI score: 7.2
Exploits: 0, References: 4