In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.
Information Disclosure
NVD
GitHub
CVSS 3.1
2.9
EPSS
0.0%
Mustang before 2.16.3 allows exfiltrating files via XXE attacks. Rated low severity (CVSS 2.8). No vendor patch available.
XXE
NVD
GitHub
CVSS 3.1
2.8
EPSS
0.0%