First published: Mon Jun 27 2022
CVE-2021-41559: Quadratic blowup in Convert::xml2array()
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/framework | >=4.0.0 <4.10.9 | 4.10.9 |
Silverstripe silverstripe | <4.10.9 | |
CVE-2021-41559 is a vulnerability in the Silverstripe framework that allows for a remote attack via a crafted XML document.
CVE-2021-41559 in the Silverstripe framework can lead to a quadratic blowup in the Convert::xml2array() function.
CVE-2021-41559 has a severity level of medium with a severity value of 6.5.
To fix CVE-2021-41559, update your Silverstripe framework to version 4.10.10 or higher.
You can find more information about CVE-2021-41559 at the following references: [Silverstripe Security Releases](https://www.silverstripe.org/download/security-releases/cve-2021-41559), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-41559), [GitHub Security Advisories](https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml).