symfony/dependency-injection is vulnerable to XML Entity Expansion (XEE) . The vulnerability is due to XML Entity Expansion (XEE) attacks, where the use of libxml2 lacks defense against XEE Quadratic Blowup Attacks (QBA), allowing long entities to create a memory sink for Denial of Service attacks on RAM.