Back to search
CVE-2019-5442
Published: Jun 12, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.
| Vendor | Product | Versions |
|---|---|---|
n/a | Pippo | affected 1.12.0 |
Weaknesses (CWE)
References
https://hackerone.com/reports/506791
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now