- Description
- http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML content in requests, which might allow attackers to read sensitive local information on the server, trigger server-side request forgery, and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
#exploit 1. CVE-2024-53677: Critical Apache Struts RCE https://t.co/obcHCIK3qM 2. CVE-2024-10793: WP Activity Log plugin XSS https://t.co/nbC256xZqX 3. CVE-2024-55875: Kotlin HTTP XXE/SSRF https://t.co/BuZqsrJDDO
@VIPER92929
24 Dec 2024
CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit Understanding the CVE-2024-55875 vulnerability in the http4k toolkit: risks, impacts, and ways to mitigate this critical XXE Injection vulnerability https://t.co/FlMbPDrK5U
@the_yellow_fall
17 Dec 2024
CVE-2024-55875 XXE Vulnerability in http4k Allows Code Execution and SSRF http4k is a toolkit used for Kotlin HTTP apps. Before version 5.41.0.0, there was a vulnerability called XML External Entity Injection (XX... https://t.co/YsmyPogGUE
@VulmonFeeds
13 Dec 2024
[CVE-2024-55875: CRITICAL] Stay safe from cyber threats! Update to http4k version 5.41.0.0 to patch an XXE vulnerability allowing attackers to read server data and execute code. #cybersecurity #vulnerability https://t.co/sI8BQwsiw0 https://t.co/LxUJgZUFfs
@CveFindCom
12 Dec 2024