CVE-2024-28757

ADVISORY - nist

Summary

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

EPSS Score⁠: 0.00044 (0.112)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - redhat

CWE-776⁠

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Impacted images

Advisories

NIST

CREATED

8 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2024-28757⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

RATING UNAVAILABLE FROM ADVISORY

Alpine

CREATED

8 months ago

UPDATED

5 months ago

ADVISORY IDCVE-2024-28757⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

8 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-28757⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

8 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-28757⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2024:1530⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALAS2023-2024-576⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDCVE-2024-28757⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-776⁠

CVSS SCORE

7.5medium

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2024-1530⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium