7 matches found

Veracode
added 2024/12/18 4:1 a.m. · 7 views

XML External Entity

org.http4k, http4k-format-xml is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper handling of malicious XML content in requests, which could allow attackers to access sensitive local information, perform Server-Side Request Forgery (SSRF), or potentially execute...

9.8 CVSS · 7.2 AI score · 0.0724 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2024/12/12 7:15 p.m. · 10 views

CVE-2024-55875

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8 CVSS · 0.0724 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2024/12/12 6:56 p.m. · 9 views

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8 CVSS · 6.7 AI score · 0.0724 EPSS
Exploits: 0 · References: 3
CVE
added 2024/12/12 6:56 p.m. · 72 views

CVE-2024-55875

The CVE-2024-55875 entry concerns http4k (Kotlin HTTP toolkit) where the XML parsing path in http4k-format-xml uses DocumentBuilder without security hardening, enabling XXE (XML External Entity Injection) via malicious XML in requests. This can lead to disclosure of local sensitive data, SSRF, an...

9.8 CVSS · 9.2 AI score · 0.0724 EPSS
Exploits: 0 · References: 3
OSV
added 2024/12/12 6:56 p.m. · 8 views

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8 CVSS · 6.5 AI score · 0.0724 EPSS
Exploits: 0 · References: 5
Cvelist
added 2024/12/12 6:56 p.m. · 24 views

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

9.8 CVSS · 0.0724 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/12/11 12:0 a.m. · 3 views

PT-2024-10160 · Http4K · Http4K

Name of the Vulnerable Software and Affected Versions: http4k versions prior to 5.41.0.0
Description: The issue is related to an XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML contents within requests. This could allow attackers to read local sensitive informati...

9.8 CVSS · 6.1 AI score · 0.0724 EPSS
Exploits: 0 · References: 25