Vulnerabilities

CVE-2024-40896

by Fred · 23/12/2024

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting “checked”). This makes classic XXE attacks possible.

More information : https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6

Similar

Tags: Cybersecurity Alert