CVE-2019-5442
HIGHPippo 1.12.0 - Denial of Service via XML Entity Expansion
Title source: llmDescription
XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/506791
Scores
CVSS v3
7.5
EPSS
0.0144
EPSS Percentile
69.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-776
Status
published
Products (2)
pippo/pippo
1.12.0
ro.pippo/pippo-jaxb
0Maven
Published
Jun 12, 2019
Tracked Since
Feb 18, 2026