XML Entity Expansion (XEE)

symfony/dependency-injection is vulnerable to XML Entity Expansion XEE . The vulnerability is due to XML Entity Expansion XEE attacks, where the use of libxml2 lacks defense against XEE Quadratic Blowup Attacks QBA, allowing long entities to create a memory sink for Denial of Service attacks on R...