CVE-2024-25129

The CVE-2024-25129 entry concerns CodeQL CLI prior to version 2.16.3, where an XML External Entity flaw in the CLI’s XML parser can cause the CLI to fetch an HTTP URL containing data read from a local file when processing malicious databases or specially crafted QL sources. Impact described as po...