CVE-2024-55875

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 611
CWE ID 918
CWE ID 200

Summary

CVE-2024-55875 is a newly identified vulnerability affecting http4k, a toolkit for Kotlin HTTP applications. Versions before 5.41.0.0 are susceptible to XML External Entity (XXE) injection. When handling malicious XML content within requests, http4k might expose sensitive local information, trigger server-side request forgery (SSRF), or even execute code. Version 5.41.0.0 includes a patch that addresses this vulnerability.
