CVE-2024-37388 | lxml up to 4.9.0 XML ebookmeta.get_metadata xml external entity reference (Issue 16)

Posted by Angelo Barbosa | Jun 7, 2024 | CVE

A vulnerability, which was classified as problematic, was found in lxml up to 4.9.0. Affected is the function ebookmeta.get_metadata of the component XML Handler. The manipulation leads to xml external entity reference.

This vulnerability is traded as CVE-2024-37388. The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-37388 | lxml up to 4.9.0 XML ebookmeta.get_metadata xml external entity reference (Issue 16)

Related Posts

CVE-2022-28975 | Infoblox NIOS 8.5.2-409296 VLAN View Name cross site scripting

CVE-2024-29024 | JumpServer up to 3.10.5 authorization (GHSA-8wqm-rfc7-q27q)

CVE-2024-22197 | 0xJacky Nginx-UI up to 2.0.0.beta.8 Setting command injection (GHSA-pxmr-q2x3-9x9m)

CVE-2024-22154 | SNP Digital SalesKing Plugin up to 1.6.15 on WordPress information disclosure