CVE-2024-46455: unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.

0.0 CVSS

Description

unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.

Classification

CVE ID: CVE-2024-46455

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/Unstructured-IO/unstructured/tree/0.14.2
https://binarysouljour.me/cve-2024-46455

Timeline