Lucene search
GoogleOSV:GHSA-WHF4-FPJ8-PGG8HistoryJun 07, 2024 - 9:31 p.m.
ebookmeta XML External Entity vulnerability
2024-06-0721:31:54
Google
osv.dev
3
xml external entity
vulnerability
ebookmeta
get_metadata
denial of service
dos
crafted xml input
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
37.8%
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
Related
cvelist
cvelist
CVE-2024-36827
2024-06-07 00:00:00
veracode
veracode
XML Entity Expansion (XXE)
2024-06-12 05:47:47
osv
osv
CVE-2024-36827
2024-06-07 19:15:24
PYSEC-2024-76
2024-06-07 19:15:00
github
github
ebookmeta XML External Entity vulnerability
2024-06-07 21:31:54
nvd
nvd
CVE-2024-36827
2024-06-07 19:15:24
cve
cve
CVE-2024-36827
2024-06-07 19:15:24
vulnrichment
vulnrichment
CVE-2024-36827
2024-06-07 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
37.8%
Related for OSV:GHSA-WHF4-FPJ8-PGG8