Sign In

CVE-2024-28757

ADVISORY - nist

Summary

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

EPSS Score: 0.00487 (0.646)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADVISORY - redhat

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-28757
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-776

CVSS SCORE

7.5high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2024-28757
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-28757
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-28757
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

Alma

CREATED

UPDATED

ADVISORY IDALSA-2024:1530
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2023-2024-576
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2024-28757
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-776

CVSS SCORE

7.5medium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2024-1530
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium