CVE-2024-46455

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 611

Summary

CVE-2024-46455 is a newly disclosed vulnerability affecting unstructured version 0.14.2 and older. This issue involves an XML External Entity (XXE) vulnerability in the XMLParser component. An attacker can exploit this flaw to inject and execute malicious code outside the original XML document, leading to potential data leakage or arbitrary code execution. Applications using the affected XMLParser are at risk, making it crucial for organizations to update to a patched version promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share