Lucene search
GoogleOSV:PYSEC-2024-76HistoryJun 07, 2024 - 7:15 p.m.
PYSEC-2024-76
2024-06-0719:15:00
Google
osv.dev
1
xml external entity
xxe vulnerability
ebookmeta.get_metadata function
crafted xml input
sensitive information
denial of service
dos
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
37.8%
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
Related
cvelist
cvelist
CVE-2024-36827
2024-06-07 00:00:00
veracode
veracode
XML Entity Expansion (XXE)
2024-06-12 05:47:47
osv
osv
CVE-2024-36827
2024-06-07 19:15:24
ebookmeta XML External Entity vulnerability
2024-06-07 21:31:54
nvd
nvd
CVE-2024-36827
2024-06-07 19:15:24
github
github
ebookmeta XML External Entity vulnerability
2024-06-07 21:31:54
vulnrichment
vulnrichment
CVE-2024-36827
2024-06-07 00:00:00
cve
cve
CVE-2024-36827
2024-06-07 19:15:24
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
37.8%
Related for OSV:PYSEC-2024-76