CVE-2024-28757 Information

Description

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Reference

https://github.com/libexpat/libexpat/pull/842 https://github.com/libexpat/libexpat/issues/839