InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Installbuilder | Vmware | * | 19.11.0 (excluding) |