GHSA-hwcx-9p4j-7hwj

Source
https://github.com/advisories/GHSA-hwcx-9p4j-7hwj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-hwcx-9p4j-7hwj/GHSA-hwcx-9p4j-7hwj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hwcx-9p4j-7hwj
Aliases
Published
2019-06-13T20:22:30Z
Modified
2023-11-08T04:01:36.289975Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
XML Entity Expansion in Pippo
Details

XML Entity Expansion (Billion Laughs Attack) in Pippo 1.12.0 results in Denial of Service. Entities are expanded recursively and large amounts of heap memory are consumed. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory of that process, memory will continue to be exhausted and will affect other processes on the system.

Database specific
{
    "nvd_published_at": "2019-06-12T16:29:00Z",
    "github_reviewed_at": "2019-06-13T20:22:17Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-776"
    ]
}
References

Affected packages

Maven / ro.pippo:pippo-jaxb

Package

Name
ro.pippo:pippo-jaxb
Purl
pkg:maven/ro.pippo/pippo-jaxb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
1.12.0

Affected versions

0.*

0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
0.9.1
0.10.0

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
1.10.0
1.11.0
1.12.0