Lucene search

K
nvd[email protected]NVD:CVE-2024-28757
HistoryMar 10, 2024 - 5:15 a.m.

CVE-2024-28757

2024-03-1005:15:06
web.nvd.nist.gov
9
libexpat
2.6.1
xml entity expansion
attack
external parsers
xml_externalentityparsercreate
cve-2024-28757

AI Score

7.5

Confidence

High

EPSS

0

Percentile

10.3%

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).