3 matches found
GHSA-4VF2-QFG3-7598 symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion XEE attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...