PT-2022-11429 · Silverstripe · Silverstripe/Framework

Matthew Dekker · Published 2022-06-28 · Updated 2024-03-06 · CVE-2021-41559

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.8.1 through 4.10.9

Description: The issue is a quadratic blowup (XML entity expansion) in the Convert::xml2array() function. A remote, unauthenticated attacker who can get a crafted XML document passed to this function can trigger excessive resource consumption and cause a denial of service; the CVSS vector reflects an availability-only impact (C:N/I:N/A:H) with user interaction required (UI:R).

Recommendations: For versions 4.8.1 through 4.10.9, consider disabling the Convert::xml2array() function until a patch is available to prevent potential exploitation. Restrict which sources can supply XML to the function so that untrusted documents are never parsed by it, minimizing the risk of a remote attack.

Exploit

Fix

Weakness Enumeration: XML Entity Expansion

Related Identifiers:
BIT-SILVERSTRIPE-2021-41559
CVE-2021-41559
GHSA-9FMG-89FX-R33W

Affected Products: Silverstripe/Framework