CVE-2021-41559

Published: Jun 29, 2022
Updated: Aug 9, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41559" target="_blank" rel="noopener"> CVE-2021-41559
GHSA: <a href="https://github.com/advisories/GHSA-9fmg-89fx-r33w" target="_blank" rel="noopener"> GHSA-9fmg-89fx-r33w
Severity: Medium
Exploit:

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
silverstripe / silverstripe	-	4.10.9
silverstripe / framework	4.0.0	4.10.9

Vulnerability Database