CWE-776
AllowedImproper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Abstraction: Base · Status: Draft
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
142 vulnerabilities reference this CWE, most recent first.
GHSA-GP6M-VQHM-5CM5
Vulnerability from github – Published: 2021-07-02 18:37 – Updated: 2024-11-19 18:24XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "XML2Dict"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25951"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-01T21:42:31Z",
"nvd_published_at": "2021-06-30T12:15:00Z",
"severity": "HIGH"
},
"details": "XXE vulnerability in \u0027XML2Dict\u0027 version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references.",
"id": "GHSA-gp6m-vqhm-5cm5",
"modified": "2024-11-19T18:24:52Z",
"published": "2021-07-02T18:37:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25951"
},
{
"type": "WEB",
"url": "https://github.com/mcspring/XML2Dict/tree/master"
},
{
"type": "PACKAGE",
"url": "https://github.com/mcspring/xml2dict"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/xml2dict/PYSEC-2021-349.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/XML2Dict"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25951"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "XML2Dict XML Entity Expansion Vulnerability"
}
GHSA-H29V-8CC2-W88R
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2024-04-04 02:46Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
{
"affected": [],
"aliases": [
"CVE-2015-9541"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-24T22:15:00Z",
"severity": "HIGH"
},
"details": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.",
"id": "GHSA-h29v-8cc2-w88r",
"modified": "2024-04-04T02:46:51Z",
"published": "2022-05-24T17:07:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9541"
},
{
"type": "WEB",
"url": "https://bugreports.qt.io/browse/QTBUG-47417"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H4FR-6C5R-8CR9
Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-07-04 06:35Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27141"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T03:15:09Z",
"severity": "MODERATE"
},
"details": "Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information.\u00a0As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-h4fr-6c5r-8cr9",
"modified": "2024-07-04T06:35:01Z",
"published": "2024-06-14T03:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27141"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5P3-7MG6-HGJ4
Vulnerability from github – Published: 2022-05-17 05:14 – Updated: 2024-01-12 19:50(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework1"
},
"ranges": [
{
"events": [
{
"introduced": "1.0"
},
{
"fixed": "1.11.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework1"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.0-rc1"
},
{
"fixed": "1.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-6531"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-12T19:50:47Z",
"nvd_published_at": "2013-02-13T17:55:00Z",
"severity": "MODERATE"
},
"details": "(1) `Zend_Dom`, (2) `Zend_Feed`, and (3) `Zend_Soap` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.",
"id": "GHSA-h5p3-7mg6-hgj4",
"modified": "2024-01-12T19:50:47Z",
"published": "2022-05-17T05:14:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6531"
},
{
"type": "WEB",
"url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db"
},
{
"type": "PACKAGE",
"url": "https://github.com/zendframework/zf1"
},
{
"type": "WEB",
"url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt"
},
{
"type": "WEB",
"url": "http://framework.zend.com/security/advisory/ZF2012-01"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2505"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/06/26/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/06/26/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/06/27/2"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Zend Framework XEE Vulnerability"
}
GHSA-HC9X-XMWH-8232
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
{
"affected": [],
"aliases": [
"CVE-2020-24591"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T20:15:00Z",
"severity": "MODERATE"
},
"details": "The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.",
"id": "GHSA-hc9x-xmwh-8232",
"modified": "2022-05-24T17:26:21Z",
"published": "2022-05-24T17:26:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24591"
},
{
"type": "WEB",
"url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HFR6-PXVF-FRF7
Vulnerability from github – Published: 2022-05-02 03:30 – Updated: 2025-04-09 04:10The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
{
"affected": [],
"aliases": [
"CVE-2009-1955"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-08T01:00:00Z",
"severity": "MODERATE"
},
"details": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"id": "GHSA-hfr6-pxvf-frf7",
"modified": "2025-04-09T04:10:33Z",
"published": "2022-05-02T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/8842"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=apr-dev\u0026m=124396021826125\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34724"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35284"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35360"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35395"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35444"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35487"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35565"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35710"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35797"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35843"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36473"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37221"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
},
{
"type": "WEB",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3937"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781403"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0123"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"type": "WEB",
"url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1812"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/06/03/4"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/506053/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/35253"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-786-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-787-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1907"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1107"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HJ7C-G88C-MQ5V
Vulnerability from github – Published: 2022-11-18 21:30 – Updated: 2025-04-29 21:31In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2022-44641"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-18T21:15:00Z",
"severity": "MODERATE"
},
"details": "In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.",
"id": "GHSA-hj7c-g88c-mq5v",
"modified": "2025-04-29T21:31:25Z",
"published": "2022-11-18T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44641"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY"
},
{
"type": "WEB",
"url": "https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5318"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWCX-9P4J-7HWJ
Vulnerability from github – Published: 2019-06-13 20:22 – Updated: 2021-08-16 15:20XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "ro.pippo:pippo-jaxb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-5442"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2019-06-13T20:22:17Z",
"nvd_published_at": "2019-06-12T16:29:00Z",
"severity": "HIGH"
},
"details": "XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.",
"id": "GHSA-hwcx-9p4j-7hwj",
"modified": "2021-08-16T15:20:04Z",
"published": "2019-06-13T20:22:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5442"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/506791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "XML Entity Expansion in Pippo"
}
GHSA-HX54-PF28-7XCH
Vulnerability from github – Published: 2024-06-07 21:31 – Updated: 2024-10-30 21:36An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ebookmeta"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-37388"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-07T21:54:46Z",
"nvd_published_at": "2024-06-07T19:15:24Z",
"severity": "HIGH"
},
"details": "An XML External Entity (XXE) vulnerability in the `ebookmeta.get_metadata` function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.",
"id": "GHSA-hx54-pf28-7xch",
"modified": "2024-10-30T21:36:34Z",
"published": "2024-06-07T21:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37388"
},
{
"type": "WEB",
"url": "https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335"
},
{
"type": "PACKAGE",
"url": "https://github.com/dnkorpushov/ebookmeta"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "ebookmeta XML External Entity vulnerability"
}
GHSA-J7GX-CWM7-5MXG
Vulnerability from github – Published: 2025-08-01 18:31 – Updated: 2025-08-04 18:30XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
{
"affected": [],
"aliases": [
"CVE-2019-19144"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-01T16:15:37Z",
"severity": "CRITICAL"
},
"details": "XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.",
"id": "GHSA-j7gx-cwm7-5mxg",
"modified": "2025-08-04T18:30:33Z",
"published": "2025-08-01T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19144"
},
{
"type": "WEB",
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0004.md"
},
{
"type": "WEB",
"url": "https://www.quantum.com/products/disk-basedbackup/dxi6700/index.aspx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.
Mitigation
Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.
CAPEC-197: Exponential Data Expansion
An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.