Vulnerability Details CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.6%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2024-40896
-
cpe:2.3:a:netapp:solidfire_&_hci_management_node:-
-
cpe:2.3:a:netapp:solidfire_&_hci_storage_node:-
-
cpe:2.3:a:xmlsoft:libxml2:2.11.0
-
cpe:2.3:a:xmlsoft:libxml2:2.11.1
-
cpe:2.3:a:xmlsoft:libxml2:2.11.2
-
cpe:2.3:a:xmlsoft:libxml2:2.11.3
-
cpe:2.3:a:xmlsoft:libxml2:2.11.4
-
cpe:2.3:a:xmlsoft:libxml2:2.11.5
-
cpe:2.3:a:xmlsoft:libxml2:2.11.7
-
cpe:2.3:a:xmlsoft:libxml2:2.12.0
-
cpe:2.3:a:xmlsoft:libxml2:2.12.1
-
cpe:2.3:a:xmlsoft:libxml2:2.12.2
-
cpe:2.3:a:xmlsoft:libxml2:2.12.3
-
cpe:2.3:a:xmlsoft:libxml2:2.12.4
-
cpe:2.3:a:xmlsoft:libxml2:2.12.5
-
cpe:2.3:a:xmlsoft:libxml2:2.12.6
-
cpe:2.3:a:xmlsoft:libxml2:2.12.7
-
cpe:2.3:a:xmlsoft:libxml2:2.12.8
-
cpe:2.3:a:xmlsoft:libxml2:2.13.0
-
cpe:2.3:a:xmlsoft:libxml2:2.13.1
-
cpe:2.3:a:xmlsoft:libxml2:2.13.2
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:h:netapp:hci_compute_node:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-
-
cpe:2.3:o:netapp:hci_compute_node:-