PT-2022-11601 · Unknown+1 · Xml-Conduit+1

Jgm · Published 2022-12-18 · Updated 2025-11-14 · CVE-2021-4249

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

xml-conduit versions prior to 1.9.1.0

Description

A vulnerability was found in the DOCTYPE Entity Expansion Handler component of xml-conduit, affecting an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs. The manipulation leads to an infinite loop and can be launched remotely.

Recommendations

For versions prior to 1.9.1.0, upgrade to version 1.9.1.0 to address this issue. As a temporary workaround, consider restricting the use of the DOCTYPE Entity Expansion Handler component until the upgrade is applied.

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers

CVE-2021-4249
HSEC-2023-0004

Affected Products

Debian
Xml-Conduit