exploitDog

CVE-2024-40896

Published: 23 Dec 2024
Source: ubuntu
Priority: medium
CVSS3: 9.1

Description

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

| Release | Status | Note |
| --- | --- | --- |
| devel | not-affected | 2.12.7+dfsg+really2.9.14-0.2ubuntu2 |
| esm-infra-legacy/trusty | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| esm-infra/bionic | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| esm-infra/focal | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| esm-infra/xenial | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| focal | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| jammy | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| noble | not-affected | debian: Vulnerable code introduced later in 2.11.0 |
| oracular | released | 2.12.7+dfsg-3ubuntu0.1 |
| upstream | released | 2.11.9 |

9.1 Critical

CVSS3

Related vulnerabilities

CVSS3: 9.1
redhat
8 months ago

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

CVSS3: 9.1
nvd
8 months ago

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

CVSS3: 9.1
msrc
7 months ago

No description available

CVSS3: 9.1
debian
8 months ago

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.1 ...

suse-cvrf
6 months ago

Security update for qt6-webengine
