Description
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Remediation
References