{
  "id": "CVE-2024-28757",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-03-10T05:15:06.570",
  "lastModified": "2024-05-01T19:15:22.567",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate)."
    },
    {
      "lang": "es",
      "value": "libexpat hasta 2.6.1 permite un ataque de expansi\u00f3n de entidad XML cuando hay un uso aislado de analizadores externos (creados a trav\u00e9s de XML_ExternalEntityParserCreate)."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "http://www.openwall.com/lists/oss-security/2024/03/15/1",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/libexpat/libexpat/issues/839",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/libexpat/libexpat/pull/842",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20240322-0001/",
      "source": "cve@mitre.org"
    }
  ]
}