12 matches found
EUVD-2024-3444
Malicious code in bioql PyPI...
CVE-2024-55875
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
The vulnerability of the Kotlin HTTP http4k application library’s functionality is related to incorrect restrictions on XML links to external objects, allowing attackers to perform XXE attacks.
The vulnerability of the Kotlin HTTP http4k application’s toolset is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
XML External Entity
org.http4k, http4k-format-xml is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper handling of malicious XML content in requests, which could allow attackers to access sensitive local information, perform Server-side Request Forgery SSRF, or potentially execute...
GHSA-7MJ5-HJJJ-8RGW http4k has a potential XXE (XML External Entity Injection) vulnerability
Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. There is a potential XXEXML External Entity Injection vulnerability when http4k...
CVE-2024-55875
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
CVE-2024-55875
The CVE-2024-55875 entry concerns http4k (Kotlin HTTP toolkit) where the XML parsing path in http4k-format-xml uses DocumentBuilder without security hardening, enabling XXE (XML External Entity Injection) via malicious XML in requests. This can lead to disclosure of local sensitive data, SSRF, an...
CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...
http4k 代码问题漏洞
http4k is a lightweight but full-featured HTTP toolkit from the http4k open source. A code issue vulnerability exists in versions of http4k prior to 5.41.0.0, which stems from a potential XML External Entity Injection vulnerability in the handling of malicious XML content in a request, which coul...
PT-2024-10160 · Http4K · Http4K
Name of the Vulnerable Software and Affected Versions: http4k versions prior to 5.41.0.0 Description: The issue is related to an XXE XML External Entity Injection vulnerability when http4k handles malicious XML contents within requests. This could allow attackers to read local sensitive informati...