CWE-776—Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
PUBLISHEDweakness recordMedium
released 2009-07-27 · last modified 2025-12-11
Metadata
名称
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
描述
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.