Lucene search
Veracode Vulnerability DatabaseVERACODE:36210HistoryJun 30, 2022 - 4:20 a.m.
Denial Of Service (DoS)
2022-06-3004:20:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
denial of service
vulnerability
remote attacker
xml document
crash
quadratic blowup
convert.php
EPSS
0.001
Percentile
43.7%
silverstripe/framework is vulnerable to denial of service. The vulnerability exist in xml2array function in Convert.php due to quadratic blowup in Convert::xml2array() which allows remote attacker to crash the system via crafted XML document.
References
github.com/advisories/GHSA-9fmg-89fx-r33w
github.com/silverstripe/silverstripe-framework/commit/b5abc3845581ee922ae9ef50e5caecb21f5a4ec7
github.com/silverstripe/silverstripe-framework/pull/10376
github.com/silverstripe/silverstripe-framework/releases
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/CVE-2021-41559
Related
osv
osv
BIT-silverstripe-2021-41559
2024-03-06 11:05:20
Quadratic blowup in Convert::xml2array()
2022-06-29 22:39:50
CVE-2021-41559
2022-06-28 22:15:07
github
github
Quadratic blowup in Convert::xml2array()
2022-06-29 22:39:50
friendsofphp
friendsofphp
CVE-2021-41559: Quadratic blowup in Convert::xml2array()
2022-06-27 05:27:00
cve
cve
CVE-2021-41559
2022-06-28 22:15:07
prion
prion
Design/Logic Flaw
2022-06-28 22:15:00
cvelist
cvelist
CVE-2021-41559
2022-06-28 21:27:23
nvd
nvd
CVE-2021-41559
2022-06-28 22:15:07