Name of the Vulnerable Software and Affected Versions: Zend Framework 2 (affected versions not specified)

Description: The issue concerns a vulnerability to XML Entity Expansion (XEE) attacks, specifically Quadratic Blowup Attacks, in software utilizing libxml2. This vulnerability allows for Denial Of Service attacks against a host's RAM by defining a long entity and referring to it multiple times in document elements, creating a memory sink. The use of certain options like LIBXML NOENT can amplify the impact, and libxml2's defense against related Exponential or Billion Laugh's XEE attacks is only active when the LIBXML PARSEHUGE option is not set.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.