Central Security Project: Pippo XML Entity Expansion (Billion Laughs Attack)
Maven artifact
groupId: ro.pippo
artifactId: pippo-jaxb
version: 1.12.0

Vulnerability

Vulnerability Description
Pippo unsafely parses user-provided XML. The fromString method in the ro.pippo.jaxb.JaxbEngine class allows user-provided DTDs that the rest of the XML may reference. This can lead to recursiv...
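One way to unmarshal untrusted XML with JAXB while refusing user-supplied DTDs, as an added example (not Pippo's code and not the project's fix). The class `SafeJaxbExample`, the method `fromStringHardened`, the `Note` type and the sample strings are hypothetical, and the `javax.xml.bind` namespace is an assumption.

```java
import java.io.StringReader;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;

public class SafeJaxbExample {

    // Hypothetical payload type, only here so the example is runnable.
    @XmlRootElement(name = "note")
    public static class Note {
        public String body;
    }

    /** Unmarshal untrusted XML through a StAX reader with DTD processing off. */
    static <T> T fromStringHardened(String xml, Class<T> type) throws Exception {
        XMLInputFactory xif = XMLInputFactory.newFactory();
        // Do not process DTDs, so entities declared by the sender are never defined.
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Do not resolve external entities either.
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);

        XMLStreamReader reader = xif.createXMLStreamReader(new StringReader(xml));
        try {
            // JAXB consumes the pre-configured reader instead of creating its own parser.
            return JAXBContext.newInstance(type)
                    .createUnmarshaller()
                    .unmarshal(reader, type)
                    .getValue();
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one plain document, one carrying its own DTD.
        String plain = "<note><body>hello</body></note>";
        String withDtd =
            "<!DOCTYPE note [<!ENTITY a \"text\">]><note><body>&a;</body></note>";

        System.out.println("plain: body=" + fromStringHardened(plain, Note.class).body);
        try {
            Note n = fromStringHardened(withDtd, Note.class);
            System.out.println("parsed without DTD processing: body=" + n.body);
        } catch (Exception e) {
            // Depending on the StAX implementation, the undeclared entity is an error.
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

How a document carrying a DOCTYPE is handled once DTD support is off depends on the StAX implementation on the classpath, so check the behaviour against the one you deploy.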