PerlMonks  

Re: Billions of laughs attack

by Corion (Pope)
on Feb 27, 2018 at 14:59 UTC


in reply to Billions of laughs attack

Have you looked at the NoExpand option of XML::Parser which is at version 2.44 on CPAN? It allows you to prevent entity expansion, which should help against the Billion Laughs Attack.

As you don't tell us what "dependency issues" you got, it's hard to advise you about how to install XML::LibXML to use that instead.

My general advice is if you are talking to the outside world and you think that a Billion Laughs Attack might happen to you because you receive unfiltered input from untrusted parties, you should consider upgrading your version of Perl to at least 5.14 or preferably to something higher to prevent lots of other attacks based on processing untrusted input in hashes and also to restore compatibility with many modules.

Replies are listed 'Best First'.
Re^2: Billions of laughs attack
by dave_the_m (Prior) on Feb 27, 2018 at 15:21 UTC
    Indeed, perl version 5.6.1 was released almost 17 years ago !!!!

    Dave.
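
An added illustration of the NoExpand option mentioned in Corion's reply (not code from the thread): per the XML::Parser documentation, NoExpand only takes effect when a Default handler is registered, and it does not affect entity references inside attribute values. The sample document and the helper name `measure` are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::Parser;

# Constructed sample: a deliberately small nested-entity document.
# Three levels of 10 references each, so full expansion of &d; is
# 10 * 10 * 10 copies of "ha" (2000 characters).
my $xml = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
]>
<r>&d;</r>
XML

# measure() is a hypothetical helper: it parses $xml with the given
# constructor options and reports how many characters of text reached
# the Char handler and which bare entity references reached Default.
sub measure {
    my (%opts) = @_;
    my $chars = 0;
    my @refs;
    my $parser = XML::Parser->new(
        %opts,
        Handlers => {
            # Expanded entity text arrives here as character data.
            Char    => sub { $chars += length $_[1] },
            # With NoExpand set, an entity reference seen in text is
            # handed to the Default handler instead of being expanded.
            Default => sub { push @refs, $_[1] if $_[1] =~ /^&[^;]+;$/ },
        },
    );
    $parser->parse($xml);
    return ($chars, \@refs);
}

for my $case ([ 'default settings', NoExpand => 0 ],
              [ 'NoExpand => 1',    NoExpand => 1 ]) {
    my ($label, %opts) = @$case;
    my ($chars, $refs) = measure(%opts);
    printf "%-18s text chars: %d, unexpanded refs: %s\n",
        $label, $chars, @$refs ? join(' ', @$refs) : '(none)';
}
```

An application that takes this route should treat any reference handed to the Default handler as a reason to reject or log the document rather than resolving it itself.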
