Http4k Security Update Advisory (CVE-2024-55875)

Overview

An update has been released to address vulnerabilities in Http4k. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-55875

  • Http4k 5.x: all versions up to and including 5.40.0.0
  • Http4k 4.x: all versions up to and including 4.49.0.0


Resolved Vulnerabilities

XML External Entity (XXE) injection vulnerability caused by an insecurely configured DocumentBuilder. An attacker who can supply XML to an affected application can read sensitive files on the server, trigger server-side request forgery (SSRF), and in some cases execute code (CVE-2024-55875).
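The root cause named in the advisory is a DocumentBuilder left at its insecure defaults. The following Kotlin snippet is an added illustration and is not http4k's own code, neither the vulnerable nor the patched version: it parses a constructed XXE payload with a default DocumentBuilderFactory, shows the referenced local file leaking into the parsed document, and then repeats the parse with a factory hardened by disabling DOCTYPE declarations and external entities. The temporary file, the payload, and the feature list are assumptions for the demonstration, not details taken from the advisory.

```kotlin
import java.io.File
import java.io.StringReader
import javax.xml.XMLConstants
import javax.xml.parsers.DocumentBuilderFactory
import org.w3c.dom.Document
import org.xml.sax.InputSource
import org.xml.sax.SAXParseException

// Constructed stand-in for "sensitive information on the server" (hypothetical content).
val secretFile: File = File.createTempFile("xxe-demo", ".txt").apply {
    writeText("db_password=hunter2")
    deleteOnExit()
}

// Constructed attacker input: the DTD declares an external entity that resolves to a local
// file. Pointing the SYSTEM identifier at an http:// URL instead turns the same parse into SSRF.
val xxePayload: String = """
    <?xml version="1.0"?>
    <!DOCTYPE order [ <!ENTITY xxe SYSTEM "${secretFile.toURI()}"> ]>
    <order><note>&xxe;</note></order>
""".trimIndent()

// Vulnerable pattern: a factory with default settings resolves external entities and loads DTDs.
fun unsafeFactory(): DocumentBuilderFactory = DocumentBuilderFactory.newInstance()

// Hardened pattern: forbid DOCTYPE declarations outright (this alone blocks XXE), and also turn
// off external entities, external DTD loading, XInclude and entity expansion so that the parse
// stays safe even if a different parser implementation ignores the first feature.
fun hardenedFactory(): DocumentBuilderFactory = DocumentBuilderFactory.newInstance().apply {
    setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
    setFeature("http://xml.org/sax/features/external-general-entities", false)
    setFeature("http://xml.org/sax/features/external-parameter-entities", false)
    setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false)
    setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
    isXIncludeAware = false
    isExpandEntityReferences = false
}

fun parse(factory: DocumentBuilderFactory, xml: String): Document =
    factory.newDocumentBuilder().parse(InputSource(StringReader(xml)))

fun main() {
    // With the default factory the file contents are substituted for &xxe; and land in the DOM.
    val leaked = parse(unsafeFactory(), xxePayload)
        .getElementsByTagName("note").item(0).textContent
    println("default factory  : note = '$leaked'")

    // With the hardened factory the DOCTYPE itself is rejected before any entity is resolved.
    try {
        parse(hardenedFactory(), xxePayload)
        println("hardened factory : parsed (unexpected)")
    } catch (e: SAXParseException) {
        println("hardened factory : rejected -> ${e.message}")
    }
}
```

Run it with `kotlinc Xxe.kt -include-runtime -d xxe.jar && java -jar xxe.jar` on a JDK with its bundled XML parser. The first line prints the temp file's contents, which is exactly the file read the advisory describes; the second reports a parse error because `disallow-doctype-decl` rejects the document before any entity can be fetched. When reviewing code that builds a DocumentBuilderFactory, SAXParserFactory, XMLInputFactory or TransformerFactory, check that the same features are set on every instance: a single unconfigured factory on a request path is enough to reintroduce this class of bug.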


Vulnerability Patches

Patched versions are available in the latest updates. Follow the instructions on the referenced sites to upgrade to a patched version.

CVE-2024-55875

  • Http4k version: 5.41.0.0
  • Http4k version: 4.50.0.0


Referenced Sites

[1] CVE-2024-55875 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-55875

[2] XXE (XML External Entity Injection) vulnerability caused by insecure DocumentBuilder configuration

https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw