{"uuid": "142eabe0-23f6-45ae-96e1-180d2508c9d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-11253", "type": "seen", "source": "https://t.me/warmakerz/1174", "content": "The hilarious Billion Laughs vulnerability is essentially an XML bomb that causes denial of service through exponential entity expansion.\n\nThe attack defines a hierarchy of DTD entities, where each entity references multiple instances of the previous one, which leads to exponential growth of content during parsing and exhaustion of memory/CPU in the XML parser.\n\nBy the way, a similar technique exists for YAML, with the ironic name YAML-BOMB. Here anchors and aliases are expanded as macros, leading to DoS (for example, CVE-2019-11253 in Kubernetes)\n\n\u27a1\ufe0f\u27a1\ufe0f  @WarmakerZ  \u2b05\ufe0f\u2b05\ufe0f", "creation_timestamp": "2025-04-29T03:53:00.000000Z"}