PT-2024-31995 · Unknown · Unstructured

Mohanraj R

Published

2024-12-09

Updated

2024-12-18

CVE-2024-46455

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions unstructured versions prior to 0.14.2

Description The issue is related to an XML External Entity (XXE) vulnerability via the XMLParser. This vulnerability affects the unstructured tool.

Recommendations For versions prior to 0.14.2, as a temporary workaround, consider disabling the XMLParser until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2024-46455

GHSA-32R8-54HF-C9P3

GO-2024-3315

OPENSUSE-SU-2024:14599-1

Affected Products

Unstructured

PT-2024-31995 · Unknown · Unstructured

CVE-2024-46455

Weakness Enumeration

Related Identifiers

Affected Products

References · 36