CWE-776
AllowedImproper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Abstraction: Base · Status: Draft
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
142 vulnerabilities reference this CWE, most recent first.
GHSA-6CVG-3R48-6PRG
Vulnerability from github – Published: 2022-04-23 00:03 – Updated: 2022-04-30 00:00IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
{
"affected": [],
"aliases": [
"CVE-2021-20464"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-22T17:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.",
"id": "GHSA-6cvg-3r48-6prg",
"modified": "2022-04-30T00:00:45Z",
"published": "2022-04-23T00:03:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20464"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196813"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220602-0003"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6570957"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6WFM-7HQX-39WG
Vulnerability from github – Published: 2022-04-29 01:28 – Updated: 2024-02-02 15:30libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
{
"affected": [],
"aliases": [
"CVE-2003-1564"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-12-31T05:00:00Z",
"severity": "HIGH"
},
"details": "libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\"",
"id": "GHSA-6wfm-7hqx-39wg",
"modified": "2024-02-02T15:30:25Z",
"published": "2022-04-29T01:28:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-1564"
},
{
"type": "WEB",
"url": "http://mail.gnome.org/archives/xml/2008-August/msg00034.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31868"
},
{
"type": "WEB",
"url": "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"
},
{
"type": "WEB",
"url": "http://www.stylusstudio.com/xmldev/200302/post20020.html"
},
{
"type": "WEB",
"url": "http://xmlsoft.org/news.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6WJ9-77WQ-JQ7P
Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2023-03-06 23:31Nokogiri before 1.5.4 is vulnerable to XXE attacks.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-6685"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-12T16:55:39Z",
"nvd_published_at": "2020-02-19T15:15:00Z",
"severity": "HIGH"
},
"details": "Nokogiri before 1.5.4 is vulnerable to XXE attacks.",
"id": "GHSA-6wj9-77wq-jq7p",
"modified": "2023-03-06T23:31:46Z",
"published": "2022-04-23T00:40:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6685"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/issues/693"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri is vulnerable to XML External Entity (XXE) attack"
}
GHSA-73CQ-FHP3-8RPW
Vulnerability from github – Published: 2018-10-17 00:04 – Updated: 2021-09-02 19:18Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.restlet.jse:org.restlet"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-1868"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:21:10Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.",
"id": "GHSA-73cq-fhp3-8rpw",
"modified": "2021-09-02T19:18:12Z",
"published": "2018-10-17T00:04:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1868"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91181"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-73cq-fhp3-8rpw"
},
{
"type": "PACKAGE",
"url": "https://github.com/restlet/restlet-framework-java"
},
{
"type": "WEB",
"url": "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56940"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Moderate severity vulnerability that affects org.restlet.jse:org.restlet"
}
GHSA-748J-WM96-4WH5
Vulnerability from github – Published: 2026-06-26 00:32 – Updated: 2026-06-26 00:32A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant) that cause CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit.
{
"affected": [],
"aliases": [
"CVE-2026-12993"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T00:16:50Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant) that cause CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit.",
"id": "GHSA-748j-wm96-4wh5",
"modified": "2026-06-26T00:32:07Z",
"published": "2026-06-26T00:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12993"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12993"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491692"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74FP-R6JW-H4MP
Vulnerability from github – Published: 2023-02-08 00:35 – Updated: 2024-05-20 21:45CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable.
When creating a ConfigMap object which has recursive references contained in it, excessive CPU usage can occur. This appears to be an instance of a "Billion Laughs" attack which is quite well known as an XML parsing issue.
Applying this manifest to a cluster causes the client to hang for some time with considerable CPU usage.
apiVersion: v1
data:
a: &a ["web","web","web","web","web","web","web","web","web"]
b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
kind: ConfigMap
metadata:
name: yaml-bomb
namespace: default
Specific Go Packages Affected
- k8s.io/apimachinery/pkg/runtime/serializer/json
- k8s.io/apimachinery/pkg/util/json
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/apimachinery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20190927203648-9ce6eca90e73"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T00:35:27Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. \n\nWhen creating a ConfigMap object which has recursive references contained in it, excessive CPU usage can occur. This appears to be an instance of a \"Billion Laughs\" attack which is quite well known as an XML parsing issue.\n\nApplying this manifest to a cluster causes the client to hang for some time with considerable CPU usage.\n\n```yaml\napiVersion: v1\ndata:\n a: \u0026a [\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\"]\n b: \u0026b [*a,*a,*a,*a,*a,*a,*a,*a,*a]\n c: \u0026c [*b,*b,*b,*b,*b,*b,*b,*b,*b]\n d: \u0026d [*c,*c,*c,*c,*c,*c,*c,*c,*c]\n e: \u0026e [*d,*d,*d,*d,*d,*d,*d,*d,*d]\n f: \u0026f [*e,*e,*e,*e,*e,*e,*e,*e,*e]\n g: \u0026g [*f,*f,*f,*f,*f,*f,*f,*f,*f]\n h: \u0026h [*g,*g,*g,*g,*g,*g,*g,*g,*g]\n i: \u0026i [*h,*h,*h,*h,*h,*h,*h,*h,*h]\nkind: ConfigMap\nmetadata:\n name: yaml-bomb\n namespace: default\n```\n### Specific Go Packages Affected\n- k8s.io/apimachinery/pkg/runtime/serializer/json\n- k8s.io/apimachinery/pkg/util/json\n",
"id": "GHSA-74fp-r6jw-h4mp",
"modified": "2024-05-20T21:45:20Z",
"published": "2023-02-08T00:35:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11253"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/83253"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/83261"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-pmqp-h87c-mr78"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubernetes/kubernetes"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0965"
},
{
"type": "WEB",
"url": "https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing"
}
GHSA-78VV-QJ73-H9M5
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-07-01 16:57Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.poi:poi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-5644"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-01T16:57:07Z",
"nvd_published_at": "2017-03-24T14:59:00Z",
"severity": "MODERATE"
},
"details": "Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.",
"id": "GHSA-78vv-qj73-h9m5",
"modified": "2022-07-01T16:57:07Z",
"published": "2022-05-13T01:14:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5644"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96983"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Restriction of Recursive Entity References in DTDs in Apache POI"
}
GHSA-7XR3-6GGC-WC9P
Vulnerability from github – Published: 2022-08-06 05:30 – Updated: 2024-11-18 23:03Impact
An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0
Patches
The problem has been fixed with version 1.2.1
Workarounds
None
References
https://jvn.jp/en/jp/JVN30454777/
For more information
If you have any questions or comments about this advisory: * Open an issue
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "untangle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-33977"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-06T05:30:56Z",
"nvd_published_at": "2022-07-26T06:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nAn attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0\n\n### Patches\nThe problem has been fixed with version 1.2.1\n\n### Workarounds\nNone\n\n### References\nhttps://jvn.jp/en/jp/JVN30454777/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an [issue](https://github.com/stchris/untangle/issues)\n",
"id": "GHSA-7xr3-6ggc-wc9p",
"modified": "2024-11-18T23:03:15Z",
"published": "2022-08-06T05:30:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/stchris/untangle/security/advisories/GHSA-7xr3-6ggc-wc9p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33977"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/untangle/PYSEC-2022-243.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/stchris/untangle"
},
{
"type": "WEB",
"url": "https://github.com/stchris/untangle/releases/tag/1.2.1"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN30454777"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "untangle vulnerable to XML Entity Expansion"
}
GHSA-7XVQ-VM2P-4R2F
Vulnerability from github – Published: 2025-10-01 18:30 – Updated: 2025-10-01 18:30In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.
{
"affected": [],
"aliases": [
"CVE-2025-20369"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T17:15:40Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the \"admin\" or \"power\" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.",
"id": "GHSA-7xvq-vm2p-4r2f",
"modified": "2025-10-01T18:30:39Z",
"published": "2025-10-01T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20369"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-84P2-VF58-XHXV
Vulnerability from github – Published: 2019-04-23 16:03 – Updated: 2021-04-23 20:12c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.9.5.3"
},
"package": {
"ecosystem": "Maven",
"name": "com.mchange:c3p0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-5427"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2019-04-23T16:01:51Z",
"nvd_published_at": "2019-04-22T21:29:00Z",
"severity": "HIGH"
},
"details": "c3p0 version \u003c 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.",
"id": "GHSA-84p2-vf58-xhxv",
"modified": "2021-04-23T20:12:41Z",
"published": "2019-04-23T16:03:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/509315"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Billion laughs attack in c3p0"
}
Mitigation
If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.
Mitigation
Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.
CAPEC-197: Exponential Data Expansion
An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.