9 matches found
Langroid Allows XXE Injection via XMLToolMessage
Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...
Denial Of Service (DoS)
silverstripe/framework is vulnerable to Denial Of Service DoS. The vulnerability is due to missing XML size checks, which allows an attacker to significantly degrade the performance of the site through a Quadratic Blowup Attack...
SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup...
GHSA-G43W-98WP-M694 SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup...
PT-2024-40280 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: SilverStripe framework affected versions not specified Description: A low-level issue has been found in the framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. Recommendations: At t...
CVE-2023-49967
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc...
mofh Vulnerable to Improper Restriction of XML External Entity Reference
The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...
SS-2014-017: XML Quadratic Blowup Attack
More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/...
Millions of WordPress and Drupal Websites Vulnerable to DoS Attack
Users running the website on a self-hosted WordPress or on Drupal are strongly recommended to update their websites to the latest version immediately. A moderately critical vulnerability was discovered in the way Drupal and WordPress implement XMLRPC, which can lead an attacker to disable your...