Pippo Content Type Parent is vulnerable to denial of service. Pippo unsafely parses user provided XML as it allows user to provide DTD. The attacker thus could craft a malicious input to trigger a billion laughs attack, crashing the system.
CPE | Name | Operator | Version |
---|---|---|---|
pippo jaxb | le | 1.13.1 |