vulnerability

Debian: CVE-2024-28757: expat, libxmltok -- security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Mar 10, 2024
Added
May 15, 2025
Modified
May 30, 2025

Description

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Solution

no-fix-debian-deb-package
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.