Lucene search
Veracode Vulnerability DatabaseVERACODE:47288HistoryMay 31, 2024 - 7:27 a.m.
XML Entity Expansion (XEE)
2024-05-3107:27:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
xml entity expansion
symfony
php
quadratic blowup
AI Score
6.9
Confidence
Low
symfony/routing is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to allowing custom entities in PHP, which allows an attacker to submit XML which results in a XEE Quadratic Blowup.
AI Score
6.9
Confidence
Low