PT-2024-40028 · Zend · Zend Dom+3

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Zend Dom, Zend Feed, Zend Soap, and Zend XmlRpc (affected versions not specified)

Description: The issue concerns XML Entity Expansion (XEE) vectors, which can lead to Denial of Service attacks. An XEE attack occurs when the XML DOCTYPE declaration defines entities that reference each other recursively or circularly, so that expanding them consumes CPU and memory. This makes a Denial of Service exploit easy to implement.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
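A defender-side check for the DOCTYPE-carried entity declarations the description refers to, added here as an example in PHP; it is not code from Zend or from this advisory, and the helper names (`hasDoctype`, `loadXmlSafely`) and the sample inputs are constructed for illustration.

```php
<?php
// Mitigation pattern: refuse any untrusted XML that carries a DOCTYPE, so no
// entity declarations (recursive or otherwise) ever reach the parser.
// Assumption: input is in an ASCII-compatible encoding such as UTF-8; UTF-16
// input would have to be transcoded before the byte-level scan below.

function hasDoctype(string $xml): bool
{
    // Case-insensitive scan of the whole document, not just the prologue,
    // so a DOCTYPE placed after comments or whitespace is still caught.
    return stripos($xml, '<!DOCTYPE') !== false;
}

function loadXmlSafely(string $xml): DOMDocument
{
    if (hasDoctype($xml)) {
        throw new RuntimeException('XML document contains a DOCTYPE; entity declarations are not accepted');
    }
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately NOT
    // passed, so entity references are never substituted by libxml.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($ok === false) {
        throw new RuntimeException('XML parse error: ' . ($errors[0]->message ?? 'unknown'));
    }
    return $doc;
}

// Constructed sample inputs (not taken from the advisory).
$benign = '<?xml version="1.0"?><feed><title>ok</title></feed>';
$withEntities = '<?xml version="1.0"?>'
    . '<!DOCTYPE feed [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]>'
    . '<feed><title>&b;</title></feed>';

foreach ([$benign, $withEntities] as $input) {
    try {
        $doc = loadXmlSafely($input);
        echo 'accepted: ' . $doc->documentElement->tagName . PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```

The first input is accepted and the second is rejected before `DOMDocument` sees it; the check is intentionally strict, so documents that legitimately need a DOCTYPE must be handled by a separate trusted path.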

Weakness Enumeration

XML Entity Expansion

Related Identifiers

GHSA-2JX7-XG83-J2M7

Affected Products

Zend Dom
Zend-Feed
Zend Soap
Zend Xmlrpc