CVE-2024-46455: unstructured XML External Entity (XXE)
(updated )
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
References
- binarysouljour.me/cve-2024-46455
- github.com/Unstructured-IO/unstructured
- github.com/Unstructured-IO/unstructured/commit/171b5df09fc3346aba8ce91c04de5b3e094a86bd
- github.com/Unstructured-IO/unstructured/pull/3088
- github.com/advisories/GHSA-32r8-54hf-c9p3
- nvd.nist.gov/vuln/detail/CVE-2024-46455
- www.tenable.com/cve/CVE-2024-46455
Code Behaviors & Features
Detect and mitigate CVE-2024-46455 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →