GHSA-g43w-98wp-m694: SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site.
See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml
- github.com/advisories/GHSA-g43w-98wp-m694
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8
- www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack
Code Behaviors & Features
Detect and mitigate GHSA-g43w-98wp-m694 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →