- Description
- In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity
- CRITICAL
- cve@mitre.org
- CWE-611
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
CVE-2024-40896 XXE Vulnerability in libxml2 SAX Parser Allows External Entity Attacks In libxml2 versions 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, there's a problem with the SAX parser. It ... https://t.co/QquFPVgN4m
@VulmonFeeds
23 Dec 2024
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-40896 In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to … https://t.co/RgARkS9SrP
@CVEnew
23 Dec 2024
2991 Impressions
3 Retweets
5 Likes
3 Bookmarks
0 Replies
2 Quotes