CVE-2024-37388
CRITICALDescription
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
Is your site exposed to CVE-2024-37388?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dnkorpushov | ebookmeta |
References
Frequently Asked Questions
What is CVE-2024-37388? +
How severe is CVE-2024-37388? +
What products are affected by CVE-2024-37388? +
How do I check if I'm vulnerable to CVE-2024-37388? +
Related Vulnerabilities
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket …
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, …
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects …
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) …
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version …
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, …