CWE-776
AllowedImproper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Abstraction: Base · Status: Draft
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
142 vulnerabilities reference this CWE, most recent first.
CVE-2019-5442 (GCVE-0-2019-5442)
Vulnerability from cvelistv5 – Published: 2019-06-12 15:08 – Updated: 2024-08-04 19:54- CWE-776 - XML Entity Expansion (CWE-776)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/506791 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/506791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pippo",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "XML Entity Expansion (CWE-776)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-12T15:08:59.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/506791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pippo",
"version": {
"version_data": [
{
"version_value": "1.12.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML Entity Expansion (CWE-776)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/506791",
"refsource": "MISC",
"url": "https://hackerone.com/reports/506791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5442",
"datePublished": "2019-06-12T15:08:59.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5427 (GCVE-0-2019-5427)
Vulnerability from cvelistv5 – Published: 2019-04-22 20:52 – Updated: 2024-08-04 19:54- CWE-776 - XML Entity Expansion (CWE-776)
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://hackerone.com/reports/509315 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-cb14e234fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/"
},
{
"name": "FEDORA-2019-063672154a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/509315"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "c3p0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 0.9.5.4"
}
]
}
],
"datePublic": "2019-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "c3p0 version \u003c 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "XML Entity Expansion (CWE-776)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:35.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "FEDORA-2019-cb14e234fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/"
},
{
"name": "FEDORA-2019-063672154a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/509315"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "c3p0",
"version": {
"version_data": [
{
"version_value": "before 0.9.5.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "c3p0 version \u003c 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML Entity Expansion (CWE-776)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-cb14e234fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/"
},
{
"name": "FEDORA-2019-063672154a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://hackerone.com/reports/509315",
"refsource": "MISC",
"url": "https://hackerone.com/reports/509315"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5427",
"datePublished": "2019-04-22T20:52:56.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-24M8-VM8V-RRFV
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
{
"affected": [],
"aliases": [
"CVE-2021-28302"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-12T15:15:00Z",
"severity": "HIGH"
},
"details": "A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.",
"id": "GHSA-24m8-vm8v-rrfv",
"modified": "2022-05-24T17:44:31Z",
"published": "2022-05-24T17:44:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28302"
},
{
"type": "WEB",
"url": "https://github.com/pupnp/pupnp/issues/249"
},
{
"type": "WEB",
"url": "https://github.com/pupnp/pupnp/releases/tag/release-1.14.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2JX7-XG83-J2M7
Vulnerability from github – Published: 2024-06-07 21:39 – Updated: 2024-06-07 21:39Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework1"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.11.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-07T21:39:23Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "`Zend_Dom`, `Zend_Feed`, `Zend_Soap`, and `Zend_XmlRpc` are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement.\n\n",
"id": "GHSA-2jx7-xg83-j2m7",
"modified": "2024-06-07T21:39:23Z",
"published": "2024-06-07T21:39:23Z",
"references": [
{
"type": "WEB",
"url": "https://framework.zend.com/security/advisory/ZF2012-02"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2012-02.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/zendframework/zf1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Zendframework Denial of Service vector via XEE injection"
}
GHSA-3CRG-W4F6-42MX
Vulnerability from github – Published: 2026-04-10 20:59 – Updated: 2026-04-24 20:37Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata.
Patches
This has been fixed in pypdf==6.10.0.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3724.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40260"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T20:59:36Z",
"nvd_published_at": "2026-04-17T01:17:39Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata.\n\n### Patches\nThis has been fixed in [pypdf==6.10.0](https://github.com/py-pdf/pypdf/releases/tag/6.10.0).\n\n### Workarounds\nIf you cannot upgrade yet, consider applying the changes from PR [#3724](https://github.com/py-pdf/pypdf/pull/3724).",
"id": "GHSA-3crg-w4f6-42mx",
"modified": "2026-04-24T20:37:32Z",
"published": "2026-04-10T20:59:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40260"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/pull/3724"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8"
},
{
"type": "PACKAGE",
"url": "https://github.com/py-pdf/pypdf"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pypdf: Manipulated XMP metadata entity declarations can exhaust RAM"
}
GHSA-3MC7-4Q67-W48M
Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2024-03-15 19:06The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.yaml:snakeyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.31"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25857"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-09T17:53:43Z",
"nvd_published_at": "2022-08-30T05:15:00Z",
"severity": "HIGH"
},
"details": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.",
"id": "GHSA-3mc7-4q67-w48m",
"modified": "2024-03-15T19:06:43Z",
"published": "2022-08-31T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"type": "WEB",
"url": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174"
},
{
"type": "WEB",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174"
},
{
"type": "WEB",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
},
{
"type": "PACKAGE",
"url": "https://github.com/snakeyaml/snakeyaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240315-0010"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Resource Consumption in snakeyaml"
}
GHSA-3PPR-72X5-X67Q
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2024-01-04 12:11Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jvnet.hudson.plugins:mstest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-24441"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-27T01:03:33Z",
"nvd_published_at": "2023-01-26T21:18:00Z",
"severity": "CRITICAL"
},
"details": "Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
"id": "GHSA-3ppr-72x5-x67q",
"modified": "2024-01-04T12:11:28Z",
"published": "2023-01-26T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24441"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/mstest-plugin/commit/f9b9b0cbdf7559fdd8fc4004e5a242f5801daa67"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/mstest-plugin/releases/tag/mstest-1.0.1"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2292"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "XML external entity vulnerability on agents in Jenkins MSTest Plugin "
}
GHSA-3X45-J72C-XQPJ
Vulnerability from github – Published: 2024-06-27 00:31 – Updated: 2024-06-27 00:31Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
{
"affected": [],
"aliases": [
"CVE-2024-28982"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-26T23:15:19Z",
"severity": "HIGH"
},
"details": "Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.",
"id": "GHSA-3x45-j72c-xqpj",
"modified": "2024-06-27T00:31:04Z",
"published": "2024-06-27T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28982"
},
{
"type": "WEB",
"url": "https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-427G-2R83-3CCM
Vulnerability from github – Published: 2019-11-12 22:59 – Updated: 2024-02-12 11:49An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure.
As per the Magento Release 2.3.3, if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.2"
},
{
"fixed": "2.2.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.3"
},
{
"fixed": "2.3.2-p2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-8126"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2019-11-12T22:13:59Z",
"nvd_published_at": "2019-11-05T23:15:00Z",
"severity": "MODERATE"
},
"details": "An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure.\n\nAs per [the Magento Release 2.3.3](https://web.archive.org/web/20201126132230/https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-3-commerce.html#new-security-only-patch-available), if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.",
"id": "GHSA-427g-2r83-3ccm",
"modified": "2024-02-12T11:49:40Z",
"published": "2019-11-12T22:59:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8126"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8126.yaml"
},
{
"type": "WEB",
"url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Information disclosure through processing of external XML entities"
}
GHSA-4322-9574-7CV6
Vulnerability from github – Published: 2023-08-08 09:30 – Updated: 2024-04-04 06:37In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2023-3569"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T07:15:10Z",
"severity": "MODERATE"
},
"details": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.",
"id": "GHSA-4322-9574-7cv6",
"modified": "2024-04-04T06:37:41Z",
"published": "2023-08-08T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3569"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2023-017"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Aug/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.
Mitigation
Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.
CAPEC-197: Exponential Data Expansion
An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.