Lucene search
MitreCVE-2024-36827HistoryJun 07, 2024 - 7:15 p.m.
CVE-2024-36827
2024-06-0719:15:24
CWE-611
mitre
web.nvd.nist.gov
24
xml external entity
xxe
ebookmeta
get_metadata
denial of service
cve-2024-36827
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
37.8%
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
Affected configurations
Node
dnkorpushovebookmetaRange<1.2.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dnkorpushov | ebookmeta | * | cpe:2.3:a:dnkorpushov:ebookmeta:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-36827
2024-06-07 00:00:00
veracode
veracode
XML Entity Expansion (XXE)
2024-06-12 05:47:47
osv
osv
CVE-2024-36827
2024-06-07 19:15:24
ebookmeta XML External Entity vulnerability
2024-06-07 21:31:54
PYSEC-2024-76
2024-06-07 19:15:00
github
github
ebookmeta XML External Entity vulnerability
2024-06-07 21:31:54
nvd
nvd
CVE-2024-36827
2024-06-07 19:15:24
vulnrichment
vulnrichment
CVE-2024-36827
2024-06-07 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
37.8%
Related for CVE-2024-36827