libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/expat | deb | debian | 12 | >=2.5.0-1 | Not yet available |
| debian/expat | deb | debian | 11 | >=2.2.10-2+deb11u5 | Not yet available |
| debian/expat | deb | debian | unstable | <2.6.1-2 | 2.6.1-2 |
| debian/expat | deb | debian | 13 | <2.6.1-2 | 2.6.1-2 |
| debian/expat | deb | debian | 10 | >=2.2.6-2+deb10u4 | Not yet available |
Severity and metrics
No CVSS data available from this source.
-
-
-
-
-
3.9
-