PT-2022-11249 · Mastro · Mastro
Published
2022-06-21
·
Updated
2022-06-28
·
CVE-2021-40511
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mastro version 1.0
Description
The issue allows for a denial of service through an XML Entity Expansion attack, also known as a "billion laughs" attack.
Recommendations
For Mastro version 1.0, consider disabling XML Entity Expansion to prevent the denial of service attack until a patch is available. Restrict access to the XML parsing module to minimize the risk of exploitation. Avoid using vulnerable XML features in the affected system until the issue is resolved.
Fix
XML Entity Expansion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mastro