- Description: In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org: CWE-611
- Hype score: Not currently trending
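The libxml2 XXE vulnerability CVE-2024-40896 (CVSS 9.1) has been fixed: possibility of system compromise and more https://t.co/hYoL8AjHHN Because libxml2 is used in a wide variety of applications, this is a vulnerability whose broad impact is a concern. Teams that use it should take great care. #CVE202440896 #DoS #Library… https://t.co/p6Hbm7yQ7o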
@iototsecnews
8 Jan 2025
113 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202440896 CVE-2024-40896 (CVSS 9.1): Critical XXE Vulnerability Discovered in libxml2 https://t.co/ihipdbXD7X
@Komodosec
28 Dec 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical XXE vulnerability in libxml2 (CVE-2024-40896) poses serious risks, enabling Remote Code Execution and Denial of Service. Affects versions < 2.11.9, 2.12.9, 2.13.3. 💻⚠️ #XXEExploitation #Libxml2Vulnerability #SensitiveData #CybersecurityNews … https://t.co/YExcni1L
@TweetThreatNews
28 Dec 2024
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-40896 (CVSS:9.1, CRITICAL) is Awaiting Analysis. In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for externa..https://t.co/fan1yjf8uV #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
28 Dec 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-40896 (CVSS:9.1, CRITICAL) is Awaiting Analysis. In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for externa..https://t.co/fan1yjf8uV #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
27 Dec 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-40896 (CVSS 9.1): Critical XXE Vulnerability Discovered in libxml2 https://t.co/WlTynj91sj
@Dinosn
26 Dec 2024
5359 Impressions
23 Retweets
81 Likes
23 Bookmarks
0 Replies
1 Quote
[1/7] Are we experiencing CVSS Inflation? A vulnerability in libxml2, CVE-2024-40896, was published yesterday and given a “Critical” (9.1) severity by CISA. Interestingly - This vulnerability is a regression of an issue that was identified over a decade ago - CVE-2012-0037, which
@JFrogSecurity
24 Dec 2024
3091 Impressions
6 Retweets
15 Likes
9 Bookmarks
2 Replies
0 Quotes
CVE-2024-40896 XXE Vulnerability in libxml2 SAX Parser Allows External Entity Attacks In libxml2 versions 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, there's a problem with the SAX parser. It ... https://t.co/QquFPVgN4m
@VulmonFeeds
23 Dec 2024
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-40896 In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to … https://t.co/RgARkS9SrP
@CVEnew
23 Dec 2024
2991 Impressions
3 Retweets
5 Likes
3 Bookmarks
0 Replies
2 Quotes