In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). (CVE-2018-20843)
Impact
Users with valid administrative access can inject XML that consumes excessive system resources when parsed, potentially leading to reduced capacity or a failover event.