W3C home > Mailing lists > Public > www-validator-cvs@w3.org > October 2015

[Bug 29244] New: Billion laughs vulnerability (aka XML bomb)

From: <bugzilla@jessica.w3.org>
Date: Mon, 26 Oct 2015 20:12:49 +0000
To: www-validator-cvs@w3.org
Message-ID: <bug-29244-169@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29244

            Bug ID: 29244
           Summary: Billion laughs vulnerability (aka XML bomb)
           Product: Validator
           Version: HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Parser
          Assignee: dave.null@w3.org
          Reporter: comfreek@outlook.com
        QA Contact: www-validator-cvs@w3.org
  Target Milestone: ---

1. Open https://validator.w3.org/#validate_by_input
2. Paste the source code for the billion laughs attack:
https://en.wikipedia.org/wiki/Billion_laughs
3. Server responds with "500 Internal Server Error"

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Monday, 26 October 2015 20:12:51 UTC

This archive was generated by hypermail 2.3.1 : Monday, 26 October 2015 20:12:51 UTC