silverstripe/framework is vulnerable to denial of service. The vulnerability exist in xml2array
function in Convert.php
due to quadratic blowup in Convert::xml2array() which allows remote attacker to crash the system via crafted XML document.
github.com/advisories/GHSA-9fmg-89fx-r33w
github.com/silverstripe/silverstripe-framework/commit/b5abc3845581ee922ae9ef50e5caecb21f5a4ec7
github.com/silverstripe/silverstripe-framework/pull/10376
github.com/silverstripe/silverstripe-framework/releases
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/CVE-2021-41559