发布于3月6日3月6日 Members Ubuntu: USN-7215-1 (CVE-2024-40896): libxml2 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. Solution(s) ubuntu-upgrade-libxml2 References https://attackerkb.com/topics/cve-2024-40896 CVE - 2024-40896 USN-7215-1
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。