CVE-2014-3574: Entity expansion (billion laughs) flaw

September 4, 2014 (updated August 28, 2017)

This package allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

References

bugzilla.redhat.com/CVE-2014-3574
issues.apache.org/bugzilla/show_bug.cgi?id=54764

Code Behaviors & Features

Detect and mitigate CVE-2014-3574 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →