CVE-2024-46455
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 611
Summary
CVE-2024-46455 is a newly disclosed vulnerability affecting unstructured version 0.14.2 and older. This issue involves an XML External Entity (XXE) vulnerability in the XMLParser component. An attacker can exploit this flaw to inject and execute malicious code outside the original XML document, leading to potential data leakage or arbitrary code execution. Applications using the affected XMLParser are at risk, making it crucial for organizations to update to a patched version promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share