Description
Inline DTD allows XML bomb attack
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
Packages
Name: sweet_xml
Affected versions: < 0.7.0
Fixed version: 0.7.0
Related vulnerabilities
CVSS3: 7.5
nvd
more than 6 years ago
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.