{"vulnerability": "CVE-2013-0340", "sightings": [{"uuid": "9d45b3df-6392-42d7-aa41-e6b7e1b16e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2013-0340", "type": "seen", "source": "https://t.me/cibsecurity/30189", "content": "\u203c CVE-2021-40439 \u203c\n\nApache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a \"Billion Laughs\" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:13.000000Z"}, {"uuid": "59a1c9f8-5243-42af-8edc-dbee2c31abc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2013-0340", "type": "seen", "source": "https://t.me/arpsyndicate/1673", "content": "#ExploitObserverAlert\n\nCVE-2013-0340\n\nDESCRIPTION: Exploit Observer has 27 entries related to CVE-2013-0340. expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.\n\nFIRST-EPSS: 0.005430000\nNVD-IS: 6.4\nNVD-ES: 8.6", "creation_timestamp": "2023-12-10T18:28:53.000000Z"}]}