CVE-2021-3541

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) in conan/libxml2

Identifiers

CVE-2021-3541

Package Slug

conan/libxml2

Vulnerability

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)

Description

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Affected Versions

All versions before 2.9.11

Solution

Upgrade to version 2.9.12 or above.

Last Modified

2021-07-13

source