CVE-2024-37388 | lxml up to 4.9.0 XML ebookmeta.get_metadata xml external entity reference (Issue 16)

Posted by Angelo Barbosa | Jun 7, 2024 | CVE

A vulnerability, which was classified as problematic, was found in lxml up to 4.9.0. Affected is the function ebookmeta.get_metadata of the component XML Handler. The manipulation leads to xml external entity reference.

This vulnerability is traded as CVE-2024-37388. The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-37388 | lxml up to 4.9.0 XML ebookmeta.get_metadata xml external entity reference (Issue 16)

Related Posts

CVE-2022-32756 | IBM Security Verify Directory 10.0.0 information exposure (XFDB-228507)

CVE-2024-3704 | OpenGnsys 1.1.1d sql injection

CVE-2024-48948 | Elliptic Package 6.5.7 on Node.js ECDSA _truncateToN integrity check (ID 321)

CVE-2024-40348 | Bazaar 1.4.3 /api/swaggerui/static path traversal