EPSS Percentile: 45.3%
Pippo Content Type Parent is vulnerable to denial of service. Pippo parses user-provided XML unsafely because it allows the user to supply a DTD. An attacker could therefore craft malicious input that triggers a billion laughs attack, crashing the system.
github.com/pippo-java/pippo/blob/7da9f4db945d10113cf4ea4ed44ba0f1a7f83a8f/pippo-content-type-parent/pippo-jaxb/src/main/java/ro/pippo/jaxb/JaxbEngine.java#L78
hackerone.com/reports/506791
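The mitigation for the DTD handling described above is to parse untrusted XML with DTD support switched off. The following is an added example, not Pippo's code or its fix: the class name `HardenedXmlInput` and the sample document are constructed for illustration, and it assumes the JDK's built-in StAX parser. An `XMLStreamReader` created this way can be handed to JAXB through `Unmarshaller.unmarshal(XMLStreamReader)`.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedXmlInput {

    // Constructed sample: one harmless internal entity declared in a DTD.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE note [<!ENTITY greeting \"hello\">]>\n"
      + "<note>&greeting;</note>";

    // Factory with default settings: DTDs are processed and entities expanded.
    static XMLInputFactory defaultFactory() {
        return XMLInputFactory.newFactory();
    }

    // Factory for untrusted input: the DTD is not processed, so entities
    // declared in it are never defined and cannot be expanded.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Reads the whole document; returns false if the parser rejects it.
    static boolean parses(XMLInputFactory factory, String xml) {
        try {
            XMLStreamReader reader =
                factory.createXMLStreamReader(new StringReader(xml));
            while (reader.hasNext()) {
                reader.next();
            }
            reader.close();
            return true;
        } catch (XMLStreamException e) {
            // With DTD support off, the entity reference is undeclared.
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("default factory parses:  "
            + parses(defaultFactory(), SAMPLE));
        System.out.println("hardened factory parses: "
            + parses(hardenedFactory(), SAMPLE));
    }
}
```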