Vulnerabilities > CVE-2024-36827 - XXE vulnerability in Dnkorpushov Ebookmeta

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dnkorpushov

CWE-611

NVD

Published: 2024-06-07

Updated: 2024-09-13

Summary

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.

Vulnerable Configurations

Part	Description	Count
Application	Dnkorpushov Dnkorpushov Ebookmeta - Dnkorpushov Ebookmeta 0.10.2 Dnkorpushov Ebookmeta 0.11.2 Dnkorpushov Ebookmeta 1.0.3 Dnkorpushov Ebookmeta 1.1.3 Dnkorpushov Ebookmeta 1.1.4 Dnkorpushov Ebookmeta 1.2.0 Dnkorpushov Ebookmeta 1.2.1 Dnkorpushov Ebookmeta 1.2.4 Dnkorpushov Ebookmeta 1.2.5 Dnkorpushov Ebookmeta 1.2.6 Dnkorpushov Ebookmeta 1.2.7	12

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335