Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.

Related CVEs

CVE-2024-47582

Key Information

GHSA ID

GHSA-rmmh-6g98-m869

Published

December 10, 2024 3:31 AM

Last Modified

December 10, 2024 3:31 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 7, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.