libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.Referenceshttps://github.com/libexpat/libexpat/pull/1183https://github.com/libexpat/libexpat/issues/47
