Common Weakness Enumeration

CWE-776

Allowed

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Abstraction: Base · Status: Draft

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

142 vulnerabilities reference this CWE, most recent first.

GHSA-GP6M-VQHM-5CM5

Vulnerability from github – Published: 2021-07-02 18:37 – Updated: 2024-11-19 18:24
VLAI
Summary
XML2Dict XML Entity Expansion Vulnerability
Details

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "XML2Dict"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-01T21:42:31Z",
    "nvd_published_at": "2021-06-30T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "XXE vulnerability in \u0027XML2Dict\u0027 version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references.",
  "id": "GHSA-gp6m-vqhm-5cm5",
  "modified": "2024-11-19T18:24:52Z",
  "published": "2021-07-02T18:37:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25951"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mcspring/XML2Dict/tree/master"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mcspring/xml2dict"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/xml2dict/PYSEC-2021-349.yaml"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/XML2Dict"
    },
    {
      "type": "WEB",
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XML2Dict XML Entity Expansion Vulnerability"
}

GHSA-H29V-8CC2-W88R

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2024-04-04 02:46
VLAI
Details

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-24T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.",
  "id": "GHSA-h29v-8cc2-w88r",
  "modified": "2024-04-04T02:46:51Z",
  "published": "2022-05-24T17:07:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9541"
    },
    {
      "type": "WEB",
      "url": "https://bugreports.qt.io/browse/QTBUG-47417"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4FR-6C5R-8CR9

Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-07-04 06:35
VLAI
Details

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-14T03:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information.\u00a0As for the affected products/models/versions, see the reference URL.",
  "id": "GHSA-h4fr-6c5r-8cr9",
  "modified": "2024-07-04T06:35:01Z",
  "published": "2024-06-14T03:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27141"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.com/information/20240531_01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5P3-7MG6-HGJ4

Vulnerability from github – Published: 2022-05-17 05:14 – Updated: 2024-01-12 19:50
VLAI
Summary
Zend Framework XEE Vulnerability
Details

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "zendframework/zendframework1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "1.11.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "zendframework/zendframework1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0-rc1"
            },
            {
              "fixed": "1.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-6531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T19:50:47Z",
    "nvd_published_at": "2013-02-13T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "(1) `Zend_Dom`, (2) `Zend_Feed`, and (3) `Zend_Soap` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.",
  "id": "GHSA-h5p3-7mg6-hgj4",
  "modified": "2024-01-12T19:50:47Z",
  "published": "2022-05-17T05:14:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zendframework/zf1"
    },
    {
      "type": "WEB",
      "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt"
    },
    {
      "type": "WEB",
      "url": "http://framework.zend.com/security/advisory/ZF2012-01"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2505"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Zend Framework XEE Vulnerability"
}

GHSA-HC9X-XMWH-8232

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26
VLAI
Details

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-21T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.",
  "id": "GHSA-hc9x-xmwh-8232",
  "modified": "2022-05-24T17:26:21Z",
  "published": "2022-05-24T17:26:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24591"
    },
    {
      "type": "WEB",
      "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HFR6-PXVF-FRF7

Vulnerability from github – Published: 2022-05-02 03:30 – Updated: 2025-04-09 04:10
VLAI
Details

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-08T01:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
  "id": "GHSA-hfr6-pxvf-frf7",
  "modified": "2025-04-09T04:10:33Z",
  "published": "2022-05-02T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8842"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=apr-dev\u0026m=124396021826125\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35284"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35360"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35395"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35444"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35487"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35565"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35710"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35797"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35843"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36473"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37221"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781403"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0123"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
    },
    {
      "type": "WEB",
      "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1812"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/06/03/4"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/506053/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35253"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-786-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-787-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1907"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ7C-G88C-MQ5V

Vulnerability from github – Published: 2022-11-18 21:30 – Updated: 2025-04-29 21:31
VLAI
Details

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-18T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.",
  "id": "GHSA-hj7c-g88c-mq5v",
  "modified": "2025-04-29T21:31:25Z",
  "published": "2022-11-18T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44641"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY"
    },
    {
      "type": "WEB",
      "url": "https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWCX-9P4J-7HWJ

Vulnerability from github – Published: 2019-06-13 20:22 – Updated: 2021-08-16 15:20
VLAI
Summary
XML Entity Expansion in Pippo
Details

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ro.pippo:pippo-jaxb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-5442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-06-13T20:22:17Z",
    "nvd_published_at": "2019-06-12T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.",
  "id": "GHSA-hwcx-9p4j-7hwj",
  "modified": "2021-08-16T15:20:04Z",
  "published": "2019-06-13T20:22:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5442"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/506791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XML Entity Expansion in Pippo"
}

GHSA-HX54-PF28-7XCH

Vulnerability from github – Published: 2024-06-07 21:31 – Updated: 2024-10-30 21:36
VLAI
Summary
ebookmeta XML External Entity vulnerability
Details

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ebookmeta"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-37388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-07T21:54:46Z",
    "nvd_published_at": "2024-06-07T19:15:24Z",
    "severity": "HIGH"
  },
  "details": "An XML External Entity (XXE) vulnerability in the `ebookmeta.get_metadata` function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.",
  "id": "GHSA-hx54-pf28-7xch",
  "modified": "2024-10-30T21:36:34Z",
  "published": "2024-06-07T21:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37388"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dnkorpushov/ebookmeta"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ebookmeta XML External Entity vulnerability"
}

GHSA-J7GX-CWM7-5MXG

Vulnerability from github – Published: 2025-08-01 18:31 – Updated: 2025-08-04 18:30
VLAI
Details

XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-01T16:15:37Z",
    "severity": "CRITICAL"
  },
  "details": "XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.",
  "id": "GHSA-j7gx-cwm7-5mxg",
  "modified": "2025-08-04T18:30:33Z",
  "published": "2025-08-01T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19144"
    },
    {
      "type": "WEB",
      "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0004.md"
    },
    {
      "type": "WEB",
      "url": "https://www.quantum.com/products/disk-basedbackup/dxi6700/index.aspx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Operation

If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.

Mitigation
Implementation

Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.

CAPEC-197: Exponential Data Expansion

An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.