Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:27804
HistoryNov 05, 2020 - 3:17 a.m.

XML Entity Expansion (XEE)

2020-11-0503:17:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
xml entity expansion
qt
qxmlstreamreader
svg
xml bomb attack

EPSS

0.003

Percentile

65.1%

Qt is is vulnerable to XML entity expansion. The vulnerability exists due to mishandling of ‘QXmlStreamReader’ allowing a malicious attacker to send crafted SVG to cause an xml bomb attack.