symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink for Denial of Service attacks targeting host memory.