5 matches found
CVE-2024-55875
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
org.http4k:http4k (>=4.3.3.0 <=4.3.4.1) potentially affected by CVE-2024-55875 via org.http4k:http4k-format-xml (>=4.3.3.0 <=4.3.4.1)
org.http4k:http4k-format-xml MAVEN version =4.3.3.0, =4.3.3.0, =4.3.4.1 Source cves: CVE-2024-55875 Source advisory: OSV:GHSA-7MJ5-HJJJ-8RGW...
CVE-2024-55875
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
CVE-2024-55875
The CVE-2024-55875 entry concerns http4k (Kotlin HTTP toolkit) where the XML parsing path in http4k-format-xml uses DocumentBuilder without security hardening, enabling XXE (XML External Entity Injection) via malicious XML in requests. This can lead to disclosure of local sensitive data, SSRF, an...
CVE-2024-55875
creationtimestamp| type| source ---|---|--- 2024-12-12 16:12:49+00:00| published-proof-of-concept| https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw 2024-12-12 19:03:46+00:00| seen| https://infosec.exchange/users/cve/statuses/113641404885985284 2024-12-12 21:21:56+00:00|...