CVE-2024-40896 – Libxml2 XXE Information Disclosure

CVE ID : CVE-2024-40896

Published : Dec. 23, 2024, 5:15 p.m. | 4 hours, 18 minutes ago

Description : In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting “checked”). This makes classic XXE attacks possible.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-40896

Published : Dec. 23, 2024, 5:15 p.m. | 4 hours, 18 minutes ago

Description : In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting “checked”). This makes classic XXE attacks possible.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…