XML Entity Expansion Attack in SweetXml Package

CVE-2019-15160 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.