CVE-2021-41559: Quadratic blowup in Convert::xml2array()
(updated )
Silverstripe silverstripe/framework has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
- github.com/advisories/GHSA-9fmg-89fx-r33w
- github.com/silverstripe/silverstripe-framework/releases
- nvd.nist.gov/vuln/detail/CVE-2021-41559
- www.silverstripe.org/download/security-releases/
- www.silverstripe.org/download/security-releases/cve-2021-41559
Code Behaviors & Features
Detect and mitigate CVE-2021-41559 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →