CVE-2021-42859

HIGH

Mini-xml - Resource Leak

Title source: rule

Description

A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/michaelrsweet/mxml/issues/286

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (1)

mini-xml_project/mini-xml

Timeline

Published May 26, 2022

Tracked Since Feb 18, 2026