OESA-2021-1261 expat security update

🗓️ 10 Jul 2021 11:03:02Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Expat 2.1.0 and earlier mishandle entity expansion without SetEntityDeclHandler, enabling external entity attack and related risks.

Reporter	Title	Published	Views	Family All 163
FreeBSD	Python -- multiple vulnerabilities	30 Aug 202100:00	–	freebsd
FreeBSD	Python -- multiple vulnerabilities	30 Aug 202100:00	–	freebsd
FreeBSD	Python -- multiple vulnerabilities	30 Aug 202100:00	–	freebsd
FreeBSD	texproc/expat2 -- billion laugh attack	21 Feb 201300:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)	13 Dec 202205:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)	17 Jun 201815:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)	22 Nov 202215:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)	2 Dec 202202:21	–	ibm
IBM Security Bulletins	Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages	19 Nov 202514:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	27 Feb 202615:56	–	ibm

Source	Link
openeuler	www.openeuler.org/en/security/safety-bulletin/detail.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2013-0340

03 Sep 2025 06:16Current

8.4High risk

Vulners AI Score8.4

CVSS 26.8

EPSS0.00058