CVE-2019-5442

Name of the Vulnerable Software and Affected Versions Pippo version 1.12.0

Description The issue allows for a Denial of Service through an XML Entity Expansion, also known as a Billion Laughs Attack. This occurs when entities are created recursively, consuming large amounts of heap memory. As a result, the JVM process will eventually run out of memory. If the operating system does not limit the memory for this process, memory exhaustion will continue and can affect other processes on the system.

Recommendations For Pippo version 1.12.0, consider disabling XML entity expansion to prevent the Denial of Service attack until a patch is available. Restricting the amount of memory allocated to the JVM process can also help mitigate the issue.