CVE-2024-28757

Updated: 2025-03-29 01:44:11.914972

Description:

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | expat | 2.5.0 | 7.5 | HIGH | Released | CLSA-2025:1741291038 | 2025-03-06 22:08:15 | |
| CentOS 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| CentOS 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| CentOS 8.4 ELS | expat | 2.2.5 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| CentOS 8.5 ELS | expat | 2.2.5 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| CentOS Stream 8 ELS | expat | 2.2.5 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| CloudLinux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| CloudLinux 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| Oracle Linux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
| Oracle Linux 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Not Vulnerable | | 2025-03-03 21:59:17 | |
Total: 13