SS-2014-017: XML Quadratic Blowup Attack
- Low (?)
- Versions Affected:
- 3.1.11 and below
- Versions Fixed:
- Release Date:
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site.
See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.
Thanks to Jamie Totten.