admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-408xx/CVE-2024-40896.json
cad-safe-bot f51bf49e3e Auto-Update: 2025-02-28T15:00:20.043026+00:00
2025-02-28 15:03:48 +00:00

68 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-40896",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-23T17:15:08.400",
"lastModified": "2025-02-28T13:15:26.640",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible."
},
{
"lang": "es",
"value": "En libxml2 2.11 anterior a 2.11.9, 2.12 anterior a 2.12.9 y 2.13 anterior a 2.13.3, el analizador SAX puede producir eventos para entidades externas incluso si los controladores SAX personalizados intentan anular el contenido de la entidad (estableciendo \"marcado\"). Esto hace posibles los ataques XXE cl\u00e1sicos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/761",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250228-0004/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink