{"api_version":"1","generated_at":"2026-04-22T21:37:06+00:00","cve":"CVE-2013-0340","urls":{"html":"https://cve.report/CVE-2013-0340","api":"https://cve.report/api/cve/CVE-2013-0340.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-0340","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-0340"},"summary":{"title":"CVE-2013-0340","description":"expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2014-01-21 18:55:00","updated_at":"2023-11-07 02:13:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E","name":"https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/10/07/4","name":"[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2021-40439: Apache OpenOffice: Billion Laughs","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/39","name":"20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212807","name":"https://support.apple.com/kb/HT212807","refsource":"CONFIRM","tags":[],"title":"About the security content of iOS 14.8 and iPadOS 14.8 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d@%3Cannounce.apache.org%3E","name":"[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/58233","name":"58233","refsource":"BID","tags":[],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/201701-21","name":"GLSA-201701-21","refsource":"GENTOO","tags":[],"title":"Expat: Multiple vulnerabilities (GLSA 201701-21) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/90634","name":"90634","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://support.apple.com/kb/HT212805","name":"https://support.apple.com/kb/HT212805","refsource":"CONFIRM","tags":[],"title":"About the security content of Security Update 2021-005 Catalina - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT212804","name":"https://support.apple.com/kb/HT212804","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Big Sur 11.6 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/40","name":"20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702@%3Cusers.openoffice.apache.org%3E","name":"[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/33","name":"20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/38","name":"20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/35","name":"20210921 APPLE-SA-2021-09-20-3 tvOS 15","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-3 tvOS 15","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Oct/63","name":"20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/34","name":"20210921 APPLE-SA-2021-09-20-2 watchOS 8","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-2 watchOS 8","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2013/04/12/6","name":"[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments","refsource":"MLIST","tags":[],"title":"oss-security - Re-evaluating expat/libxml2 CVE assignments","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT212819","name":"https://support.apple.com/kb/HT212819","refsource":"CONFIRM","tags":[],"title":"About the security content of watchOS 8 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Oct/62","name":"20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Oct/61","name":"20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212815","name":"https://support.apple.com/kb/HT212815","refsource":"CONFIRM","tags":[],"title":"About the security content of tvOS 15 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1028213","name":"1028213","refsource":"SECTRACK","tags":[],"title":"expat Entity Expansion May Let Remote Users Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2013/02/22/3","name":"[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion","refsource":"MLIST","tags":[],"title":"oss-security - CVEs for libxml2 and expat internal and external XML entity expansion","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E","name":"https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E","refsource":"MISC","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT212814","name":"https://support.apple.com/kb/HT212814","refsource":"CONFIRM","tags":[],"title":"About the security content of iOS 15 and iPadOS 15 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-0340","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0340","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipad_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"1.95.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"2.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2013-0340","qid":"378374","title":"IBM Hypertext Transfer Protocol (HTTP) Server Denial of Service (DoS) Vulnerabilty (6839161)"},{"cve":"CVE-2013-0340","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2013-0340","qid":"610370","title":"Apple iOS 15 and iPadOS 15 Security Update Missing"},{"cve":"CVE-2013-0340","qid":"670766","title":"EulerOS Security Update for expat (EulerOS-SA-2021-2524)"},{"cve":"CVE-2013-0340","qid":"670790","title":"EulerOS Security Update for expat (EulerOS-SA-2021-2548)"},{"cve":"CVE-2013-0340","qid":"690133","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for texproc/expat2 (5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9)"},{"cve":"CVE-2013-0340","qid":"710322","title":"Gentoo Linux Expat Multiple Vulnerabilities (GLSA 201701-21)"},{"cve":"CVE-2013-0340","qid":"900422","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (6264)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2013-0340","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://openwall.com/lists/oss-security/2013/02/22/3","refsource":"MISC","name":"http://openwall.com/lists/oss-security/2013/02/22/3"},{"url":"http://seclists.org/fulldisclosure/2021/Oct/61","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Oct/61"},{"url":"http://seclists.org/fulldisclosure/2021/Oct/62","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Oct/62"},{"url":"http://seclists.org/fulldisclosure/2021/Oct/63","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Oct/63"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/33","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Sep/33"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/34","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Sep/34"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/35","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Sep/35"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/38","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Sep/38"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/39","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Sep/39"},{"url":"http://seclists.org/fulldisclosure/2021/Sep/40","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2021/Sep/40"},{"url":"http://securitytracker.com/id?1028213","refsource":"MISC","name":"http://securitytracker.com/id?1028213"},{"url":"http://www.openwall.com/lists/oss-security/2013/04/12/6","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2013/04/12/6"},{"url":"http://www.openwall.com/lists/oss-security/2021/10/07/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2021/10/07/4"},{"url":"http://www.osvdb.org/90634","refsource":"MISC","name":"http://www.osvdb.org/90634"},{"url":"http://www.securityfocus.com/bid/58233","refsource":"MISC","name":"http://www.securityfocus.com/bid/58233"},{"url":"https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E","refsource":"MISC","name":"https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E"},{"url":"https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E","refsource":"MISC","name":"https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E"},{"url":"https://security.gentoo.org/glsa/201701-21","refsource":"MISC","name":"https://security.gentoo.org/glsa/201701-21"},{"url":"https://support.apple.com/kb/HT212804","refsource":"MISC","name":"https://support.apple.com/kb/HT212804"},{"url":"https://support.apple.com/kb/HT212805","refsource":"MISC","name":"https://support.apple.com/kb/HT212805"},{"url":"https://support.apple.com/kb/HT212807","refsource":"MISC","name":"https://support.apple.com/kb/HT212807"},{"url":"https://support.apple.com/kb/HT212814","refsource":"MISC","name":"https://support.apple.com/kb/HT212814"},{"url":"https://support.apple.com/kb/HT212815","refsource":"MISC","name":"https://support.apple.com/kb/HT212815"},{"url":"https://support.apple.com/kb/HT212819","refsource":"MISC","name":"https://support.apple.com/kb/HT212819"}]}},"nvd":{"publishedDate":"2014-01-21 18:55:00","lastModifiedDate":"2023-11-07 02:13:00","problem_types":["CWE-611"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.15","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"11.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"15.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"340","Ordinal":"59484","Title":"CVE-2013-0340","CVE":"CVE-2013-0340","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"340","Ordinal":"1","NoteData":"expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"340","Ordinal":"2","NoteData":"2014-01-21","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"340","Ordinal":"3","NoteData":"2021-10-27","Type":"Other","Title":"Modified"}]}}}