While working in the WebClients project, I found that the parser does not properly restrict entity expansion when handling XML files containing DOCTYPE declarations. The issue exists in the entity replacement logic, which allows unlimited entity expansion without limiting execution cost or output size.
CVE Link
CVE Report
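The kind of bound the description says is missing, sketched as an added example (not code from WebClients or from the parser it uses): entity replacement charged against one budget for expansion count and output size. The function names, the limit values and the sample document are assumptions constructed for illustration.

```javascript
// Hypothetical limits (not from the page); size them to real documents.
const DEFAULT_LIMITS = { maxExpansions: 1000, maxOutputLength: 100000 };
// Collect internal general entities; external and parameter entities are ignored.
function readEntityDeclarations(xml) {
  const entities = new Map();
  const decl = /<!ENTITY\s+([A-Za-z_][\w.-]*)\s+(?:"([^"]*)"|'([^']*)')\s*>/g;
  for (const m of xml.matchAll(decl)) {
    if (!entities.has(m[1])) entities.set(m[1], m[2] ?? m[3]); // first wins
  }
  return entities;
}

// Expand &name; references, charging each replacement and each emitted character to one shared budget.
function expandEntities(text, entities, limits = DEFAULT_LIMITS) {
  let expansions = 0;
  let outputLength = 0;
  const literal = (s) => {
    outputLength += s.length;
    if (outputLength > limits.maxOutputLength) throw new Error('entity output size limit exceeded');
    return s;
  };
  const expand = (input, active) => {
    let out = '';
    let last = 0;
    for (const m of input.matchAll(/&([A-Za-z_][\w.-]*);/g)) {
      out += literal(input.slice(last, m.index));
      last = m.index + m[0].length;
      if (!entities.has(m[1])) { out += literal(m[0]); continue; } // e.g. &lt;
      if (active.includes(m[1])) throw new Error('recursive entity reference');
      if (++expansions > limits.maxExpansions) throw new Error('entity expansion count limit exceeded');
      out += expand(entities.get(m[1]), [...active, m[1]]);
    }
    return out + literal(input.slice(last));
  };
  return expand(text, []);
}

// Drop the DOCTYPE, then expand the document body under the limits.
function expandDocument(xml, limits = DEFAULT_LIMITS) {
  const body = xml.replace(/<!DOCTYPE[^\[>]*(\[[\s\S]*?\]\s*)?>/, '');
  return expandEntities(body, readEntityDeclarations(xml), limits);
}
// Constructed sample: three short declarations that expand to 1000 characters.
const SAMPLE = `<!DOCTYPE r [
  <!ENTITY a "xxxxxxxxxx">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]><r>&c;</r>`;
```

The sample needs 111 replacements to produce 1007 characters, so it passes the default limits and is rejected once either limit is set below those figures.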