Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2014-017: XML Quadratic Blowup Attack

SS-2014-017: XML Quadratic Blowup Attack

Severity:
Low (?)
Identifier:
SS-2014-017
Versions Affected:
3.1.11 and below
Versions Fixed:
3.1.12
Release Date:
2015-03-20

A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site.

See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.

Thanks to Jamie Totten.