http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML content in requests, which might allow attackers to read sensitive local information on the server, trigger server-side request forgery (SSRF), and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue.
History
Fri, 13 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 12 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML content in requests, which might allow attackers to read sensitive local information on the server, trigger server-side request forgery (SSRF), and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue. | |
Title | http4k has a potential XXE (XML External Entity Injection) vulnerability | |
Weaknesses | CWE-200 CWE-611 CWE-918 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-12T18:56:59.499Z
Updated: 2024-12-13T14:55:49.763Z
Reserved: 2024-12-11T15:46:36.420Z
Link: CVE-2024-55875
Vulnrichment
Updated: 2024-12-13T14:53:02.044Z
NVD
Status: Received
Published: 2024-12-12T19:15:13.983
Modified: 2024-12-13T15:15:42.860
Link: CVE-2024-55875
Redhat
No data.