Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/02/05 12:34 a.m.9 views

CVE-2024-55875

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS7.8AI score0.01902EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2024/12/12 7:22 p.m.8 views

org.http4k:http4k (>=4.3.3.0 <=4.3.4.1) potentially affected by CVE-2024-55875 via org.http4k:http4k-format-xml (>=4.3.3.0 <=4.3.4.1)

org.http4k:http4k-format-xml MAVEN version =4.3.3.0, =4.3.3.0, =4.3.4.1 Source cves: CVE-2024-55875 Source advisory: OSV:GHSA-7MJ5-HJJJ-8RGW...

9.8CVSS5.8AI score0.01902EPSS
Exploits0
nvd
nvd
added 2024/12/12 7:15 p.m.15 views

CVE-2024-55875

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS0.01902EPSS
Exploits0References3
cve
cve
added 2024/12/12 6:56 p.m.97 views

CVE-2024-55875

The CVE-2024-55875 entry concerns http4k (Kotlin HTTP toolkit) where the XML parsing path in http4k-format-xml uses DocumentBuilder without security hardening, enabling XXE (XML External Entity Injection) via malicious XML in requests. This can lead to disclosure of local sensitive data, SSRF, an...

9.8CVSS7.8AI score0.01902EPSS
Exploits0References3
circl
circl
added 2024/12/12 4:12 p.m.9 views

CVE-2024-55875

creationtimestamp| type| source ---|---|--- 2024-12-12 16:12:49+00:00| published-proof-of-concept| https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw 2024-12-12 19:03:46+00:00| seen| https://infosec.exchange/users/cve/statuses/113641404885985284 2024-12-12 21:21:56+00:00|...

9.8CVSS7.7AI score0.01902EPSS
Exploits0References11
Rows per page
Query Builder