CVE Vulnerabilities

CVE-2024-28757

Published: Mar 10, 2024 | Modified: May 01, 2024
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3: 7.5 MODERATE, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu: MEDIUM

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | RedHat | expat-0:2.5.0-1.el9_3.1 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | expat-0:2.5.0-1.el9_2.1 | * |
| Cadaver | Ubuntu | mantic | * |
| Expat | Ubuntu | esm-infra-legacy/trusty | * |
| Expat | Ubuntu | esm-infra/bionic | * |
| Expat | Ubuntu | esm-infra/xenial | * |
| Expat | Ubuntu | focal | * |
| Expat | Ubuntu | jammy | * |
| Expat | Ubuntu | mantic | * |
| Expat | Ubuntu | trusty/esm | * |
| Libxmltok | Ubuntu | devel | * |
| Libxmltok | Ubuntu | esm-apps/bionic | * |
| Libxmltok | Ubuntu | esm-apps/focal | * |
| Libxmltok | Ubuntu | esm-apps/jammy | * |
| Libxmltok | Ubuntu | esm-apps/noble | * |
| Libxmltok | Ubuntu | esm-apps/xenial | * |
| Libxmltok | Ubuntu | focal | * |
| Libxmltok | Ubuntu | jammy | * |
| Libxmltok | Ubuntu | mantic | * |
| Libxmltok | Ubuntu | noble | * |
| Libxmltok | Ubuntu | oracular | * |
| Matanza | Ubuntu | mantic | * |
| Swish-e | Ubuntu | mantic | * |
| Tdom | Ubuntu | mantic | * |
| Wbxml2 | Ubuntu | mantic | * |
| Xmlrpc-c | Ubuntu | mantic | * |

References