CVE-2024-28757
published 2024-03-10
CVE-2024-28757: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
high 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | expat | < expat 2.6.1-2 (forky) | expat 2.6.1-2 (forky) |
| debian | libxmltok | < expat 2.6.1-2 (forky) | expat 2.6.1-2 (forky) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libexpat_project | libexpat | < 2.6.2 | 2.6.2 |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_expat_2.5.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_expat_2.6.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_python3_3.12.3-5_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cmake_3.21.4-17_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_expat_2.5.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_expat_2.6.2-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_python3_3.9.19-13_on_cbl_mariner_2.0 | — | — |
| netapp | ontap | — | — |
| netapp | ontap_tools | — | — |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH