PT-2021-16877 · Xml2Dict · Xml2Dict

Published: 2021-06-30 · Updated: 2021-07-06 · CVE-2021-25951

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: XML2Dict version 0.2.2
Description: The issue is an XXE vulnerability that allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references.
Recommendations: For XML2Dict version 0.2.2, consider disabling the parse function until a patch is available to prevent potential denial of service attacks. Restrict access to the XML2Dict module to minimize the risk of exploitation.
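
A pre-parse guard in the spirit of the recommendation above, added here as an illustration; it is not code from the advisory or from the XML2Dict project. It uses the standard-library expat parser to refuse any document that carries a DOCTYPE or entity declaration before the converter sees it, and assumes the converter exposes a parse callable that takes the XML text (passed in as the hypothetical `parse_fn`).

```python
import xml.parsers.expat
from typing import Any, Callable

class DtdRejected(ValueError):
    """Raised when a document carries a DOCTYPE or declares entities."""

def check_no_dtd(xml_text: str) -> bool:
    """Scan with expat and stop at the first DOCTYPE or entity declaration.

    Returns True for a plain document (no DTD, so nothing to expand), raises
    DtdRejected otherwise; malformed XML raises xml.parsers.expat.ExpatError.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # XML-to-dict conversion needs no DTD, so any DOCTYPE is refused,
        # whether it references an external subset or carries an internal one.
        raise DtdRejected(f"DOCTYPE {name!r} present; refusing to parse")

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
        # Defence in depth: fires at declaration time, before any reference expands.
        raise DtdRejected(f"entity {name!r} declared; refusing to parse")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_text, True)  # a handler exception propagates out of Parse
    return True

def is_safe_for_dict_conversion(xml_text: str) -> bool:
    """Boolean form of check_no_dtd for callers that prefer not to catch exceptions."""
    try:
        return check_no_dtd(xml_text)
    except DtdRejected:
        return False

def guarded_parse(xml_text: str, parse_fn: Callable[[str], Any]) -> Any:
    """Run the guard first; parse_fn is the converter's parse callable (hypothetical,
    e.g. a bound XML2Dict parse method) and only sees documents that passed."""
    check_no_dtd(xml_text)
    return parse_fn(xml_text)

# Constructed samples: a benign document and one declaring a short nested
# internal-entity chain, the pattern the guard refuses (kept deliberately tiny).
BENIGN = "<config><host>example.invalid</host><port>8443</port></config>"
NESTED_ENTITIES = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE d [ <!ENTITY a "x"> <!ENTITY b "&a;&a;"> ]>'
    "<d>&b;</d>"
)
```

The guard is stricter than the vulnerability requires: it rejects every DOCTYPE, not just nested entities, which is the simplest rule to audit for an input that is only ever converted to a dict.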

Tags: XXE, XML Entity Expansion

Related Identifiers

CVE-2021-25951
GHSA-GP6M-VQHM-5CM5
PYSEC-2021-349

Affected Products

Xml2Dict