XXE DoS in configuration import #2
An appropriately placed attacker can upload a ZIP file with XML files within it. If these XML files contain the payload from the billion laughs attack (https://en.wikipedia.org/wiki/Billion_laughs_attack), a denial of service scenario can be created.
Before loading the XML into memory, use
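
An added example, not part of the original issue or the project's code: one way to screen an uploaded configuration ZIP before its XML reaches the real loader, rejecting any member that carries a DOCTYPE or entity declaration. Python, the names `check_config_zip` and `check_xml`, and the 1 MB per-file cap are assumptions; the sample documents are constructed.

```python
import io
import zipfile
from xml.parsers import expat

MAX_MEMBER_BYTES = 1_000_000  # assumed per-file cap; tune to real config sizes

class UnsafeXML(Exception):
    """Raised when an archive member must not be handed to the real XML loader."""

def _reject(*_args):
    raise UnsafeXML("DTD or entity declaration present")

def check_xml(data):
    """Walk the document with expat and abort at the first DOCTYPE or ENTITY."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject  # fires before any entity is defined
    parser.EntityDeclHandler = _reject
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"not well-formed: {exc}") from exc

def check_config_zip(blob):
    """Return the names of XML members that passed; raise UnsafeXML otherwise."""
    passed = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            with zf.open(info) as fh:
                # Cap the decompressed read; the ZIP header size is attacker-set.
                data = fh.read(MAX_MEMBER_BYTES + 1)
            if len(data) > MAX_MEMBER_BYTES:
                raise UnsafeXML(f"{info.filename}: too large")
            check_xml(data)
            passed.append(info.filename)
    return passed

def make_zip(files):
    """Build an in-memory ZIP from constructed sample documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a benign config and one that merely declares an entity.
GOOD = b"<config><name>demo</name></config>"
DECLARES_ENTITY = b'<!DOCTYPE config [<!ENTITY a "x">]><config>&a;</config>'
```

The handler raises as soon as the DOCTYPE opens, so no entity is ever expanded; a configuration format that genuinely needs a DTD would need a different policy.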