Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3444

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.01902EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 12:34 a.m.9 views

CVE-2024-55875

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS7.8AI score0.01902EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/20 12:0 a.m.7 views

The vulnerability of the Kotlin HTTP http4k application library’s functionality is related to incorrect restrictions on XML links to external objects, allowing attackers to perform XXE attacks.

The vulnerability of the Kotlin HTTP http4k application’s toolset is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...

10CVSS5.5AI score0.01902EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/12/18 4:1 a.m.10 views

XML External Entity

org.http4k, http4k-format-xml is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper handling of malicious XML content in requests, which could allow attackers to access sensitive local information, perform Server-side Request Forgery SSRF, or potentially execute...

9.8CVSS7.2AI score0.01902EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/12/12 7:22 p.m.12 views

GHSA-7MJ5-HJJJ-8RGW http4k has a potential XXE (XML External Entity Injection) vulnerability

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. There is a potential XXEXML External Entity Injection vulnerability when http4k...

9.8CVSS8.1AI score0.01902EPSS
Exploits0References5
NVD
NVD
added 2024/12/12 7:15 p.m.14 views

CVE-2024-55875

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS0.01902EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 6:56 p.m.28 views

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS0.01902EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/12 6:56 p.m.10 views

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS7.8AI score0.01902EPSS
Exploits0References3
CVE
CVE
added 2024/12/12 6:56 p.m.96 views

CVE-2024-55875

The CVE-2024-55875 entry concerns http4k (Kotlin HTTP toolkit) where the XML parsing path in http4k-format-xml uses DocumentBuilder without security hardening, enabling XXE (XML External Entity Injection) via malicious XML in requests. This can lead to disclosure of local sensitive data, SSRF, an...

9.8CVSS7.8AI score0.01902EPSS
Exploits0References3
OSV
OSV
added 2024/12/12 6:56 p.m.9 views

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8CVSS7.3AI score0.01902EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.2 views

http4k 代码问题漏洞

http4k is a lightweight but full-featured HTTP toolkit from the http4k open source. A code issue vulnerability exists in versions of http4k prior to 5.41.0.0, which stems from a potential XML External Entity Injection vulnerability in the handling of malicious XML content in a request, which coul...

9.8CVSS7.1AI score0.01902EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.6 views

PT-2024-10160 · Http4K · Http4K

Name of the Vulnerable Software and Affected Versions: http4k versions prior to 5.41.0.0 Description: The issue is related to an XXE XML External Entity Injection vulnerability when http4k handles malicious XML contents within requests. This could allow attackers to read local sensitive informati...

9.8CVSS6.1AI score0.01902EPSS
Exploits0References25
Rows per page
Query Builder