Description
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Remediation
References
Related Vulnerabilities
WebLogic Improper Input Validation Vulnerability (CVE-2019-12400)
WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.11)
WordPress Plugin Instagram Plugin-InstaLinker Cross-Site Scripting (1.1.1)
phpList Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-22249)