该漏洞编号已预留给漏洞申报者 CVE-2019-5442

5.0 AV AC AU C I A
发布: 2019-06-12
修订: 2019-06-17

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.

0%
暂无可用Exp或PoC
当前有1条受影响产品信息