Headline
GHSA-9fmg-89fx-r33w: Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
Quadratic blowup in Convert::xml2array()
Moderate severity GitHub Reviewed Published Jun 29, 2022 • Updated Jun 29, 2022