PerlMonks
Billions of laughs attack
by nlakshmi (Initiate) on Feb 27, 2018 at 14:45 UTC
nlakshmi has asked for the wisdom of the Perl Monks concerning the following question:
Hi,
I am currently using Perl 5.6.1 in my application. I am using the XML::Parser (version 2.30) module to parse the XML input. This module is vulnerable to an attack called Billions of laughs attack which increases the CPU and hence leads to Denial Of Service. Is there any later version of XML::Parser where this vulnerability is addressed? (I did not find it on CPAN.) I thought of replacing the XML::Parser module with the XML::LibXML::Parser module to address this vulnerability, as LibXML 2.0100 has the fix. I installed that module manually, but I am getting dependency issues while executing the script. I am not sure if the LibXML version (2.0100) is compatible with Perl 5.6.1. Can anyone advise on this?
Thanks and regards,
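
One mitigation that stays within XML::Parser, shown here as an added example that is not part of the original post: refuse any document that carries a DOCTYPE, since entity declarations can only appear there. The name `parse_untrusted` and both sample documents are constructed for illustration, and the code assumes the installed XML::Parser honours the `Doctype` handler as documented for the module.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::Parser;

# parse_untrusted is a hypothetical helper name, not an XML::Parser API.
# It aborts the parse at the Doctype event, which fires before any
# <!ENTITY ...> declaration in the internal subset is read, so nested
# entities are never declared and never expanded.
sub parse_untrusted {
    my ($xml) = @_;
    my $parser = XML::Parser->new(
        Style    => 'Tree',
        Handlers => {
            Doctype => sub { die "DOCTYPE declaration rejected\n" },
        },
    );
    # XML::Parser re-throws handler exceptions, so trap them here.
    my $tree = eval { $parser->parse($xml) };
    return (undef, $@ || "parse failed\n") unless defined $tree;
    return ($tree, '');
}

# Constructed sample 1: ordinary document without a DTD.
my $plain = '<order><item>book</item></order>';

# Constructed sample 2: small, harmless document whose entity "b" is
# defined in terms of entity "a" (the nesting pattern the attack relies on).
my $nested = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;">
]>
<order><item>&b;</item></order>
XML

foreach my $case ([ plain => $plain ], [ nested => $nested ]) {
    my ($name, $xml) = @$case;
    my ($tree, $err) = parse_untrusted($xml);
    if (defined $tree) {
        print "$name: accepted, root element <$tree->[0]>\n";
    }
    else {
        print "$name: rejected ($err)";
    }
}
```

This rejects every input that declares a DTD, so it only fits applications whose legitimate XML never needs one.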