Description

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.

Remediation

References

CVE-2021-41559

Related Vulnerabilities

WordPress Plugin Event Banner Arbitrary File Upload (1.3)

Moodle Incorrect Default Permissions Vulnerability (CVE-2012-1157)

MySQL CVE-2019-2778 Vulnerability (CVE-2019-2778)

WordPress Plugin WP Security Safe Cross-Site Request Forgery (2.2.2)

WordPress Plugin WP Review Multiple Unspecified Vulnerabilities (2.0)

Severity

Medium

Classification

CVE-2021-41559 CWE-776 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities