Parameter-Entity Reference Mishandling in libxml2's parser.c
CVE-2017-16931 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Learn more about our Web Application Penetration Testing UK.