CVE-2024-28757
HIGHDescription
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Is your site exposed to CVE-2024-28757?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| libexpat_project | libexpat |
| fedoraproject | fedora |
| fedoraproject | fedora |
| fedoraproject | fedora |
| netapp | active_iq_unified_manager |
| netapp | oncommand_workflow_automation |
| netapp | ontap |
| netapp | ontap_tools |
| netapp | windows_host_utilities |
| netapp | h300s_firmware |
| netapp | h300s |
| netapp | h500s_firmware |
| netapp | h500s |
| netapp | h700s_firmware |
| netapp | h700s |
| netapp | h410s_firmware |
| netapp | h410s |
| netapp | h410c_firmware |
| netapp | h410c |
| netapp | h610c_firmware |
| netapp | h610c |
| netapp | h610s_firmware |
| netapp | h610s |
References
Advisories & Patches
Exploits
Other References
Frequently Asked Questions
What is CVE-2024-28757? +
How severe is CVE-2024-28757? +
What products are affected by CVE-2024-28757? +
How do I check if I'm vulnerable to CVE-2024-28757? +
Related Vulnerabilities
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a …
XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index …
Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML …
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that …
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, …