Description
Applications that use Woodstox to parse XML data may be vulnerable to Denial of Service (DoS) attacks if DTD support is enabled. If the parser runs on user-supplied input, an attacker may supply content that crashes the parser with a stack overflow. This effect may support a denial of service attack.
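Since the description ties the issue to DTD support being enabled, the following added example (not code from this advisory or from the Woodstox project) shows a StAX reader built with DTD support switched off through the standard `javax.xml.stream` properties. It assumes untrusted input never legitimately needs a DOCTYPE; the class name, method names and sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedStaxParsing {

    /** Builds a StAX factory with DTD support and external entities disabled. */
    static XMLInputFactory hardenedFactory() {
        // newFactory() returns whichever StAX implementation is registered
        // (Woodstox when it is the configured provider).
        XMLInputFactory factory = XMLInputFactory.newFactory();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return factory;
    }

    /** Counts start elements in untrusted XML, refusing documents with a DOCTYPE. */
    static int countElements(String xml) throws XMLStreamException {
        XMLStreamReader reader = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            int elements = 0;
            while (reader.hasNext()) {
                int event = reader.next();
                // If the reader still reports a DOCTYPE as a DTD event, fail closed.
                if (event == XMLStreamConstants.DTD) {
                    throw new XMLStreamException("DOCTYPE not allowed in untrusted input");
                }
                if (event == XMLStreamConstants.START_ELEMENT) {
                    elements++;
                }
            }
            return elements;
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one plain document, one with a benign DOCTYPE.
        String plain = "<order><item/><item/></order>";
        String withDoctype = "<!DOCTYPE order [<!ELEMENT order ANY>]><order/>";
        System.out.println("plain document elements: " + countElements(plain));
        try {
            countElements(withDoctype);
            System.out.println("DOCTYPE document accepted");
        } catch (XMLStreamException e) {
            System.out.println("DOCTYPE document refused: " + e.getMessage());
        }
    }
}
```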
Remediation
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
https://github.com/x-stream/xstream/issues/304
Related Vulnerabilities
CVE-2023-26487 Vulnerability in maven package org.webjars.bowergithub.vega:vega
CVE-2021-31411 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-7766 Vulnerability in npm package json-ptr
CVE-2023-30465 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2020-28282 Vulnerability in maven package org.webjars.npm:getobject