PT-2019-14016 · Sweetxml · Sweetxml

Nlevn · Published 2019-08-19 · Updated 2022-04-12 · CVE-2019-15160

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SweetXml versions through 0.6.6

Description

The issue allows attackers to cause a denial of service through an XML entity expansion attack using an inline DTD, leading to resource consumption.

Recommendations

For versions through 0.6.6, update to a version that contains a fix for this issue to prevent denial of service attacks.

Exploit

Fix

XXE

XML Entity Expansion

Weakness Enumeration

Related Identifiers

CVE-2019-15160
GHSA-QPMC-WPRV-X746

Affected Products

Sweetxml