CVE-2024-36827

Published: Jun 7, 2024Modified: Mar 28, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.

Affected (1)

Products: Dnkorpushov: Ebookmeta

Dnkorpushov

1 product

Ebookmeta

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dnkorpushov Ebookmeta	Before 1.2.8

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.