2 matches found
GHSA-2JX7-XG83-J2M7 Zendframework Denial of Service vector via XEE injection
ZendDom, ZendFeed, ZendSoap, and ZendXmlRpc are vulnerable to XML Entity Expansion XEE vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memo...
Zend Framework -- Multiple vulnerabilities via XXE injection
The Zend Framework team reports: The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks both server and client. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a...