{"id":"JLSEC-2025-61","summary":"libexpat through 2.6.1 allows an XML Entity Expansion attack with isolated use of external parsers","details":"libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).","modified":"2025-11-06T23:03:31.229479Z","published":"2025-10-14T15:35:41.198Z","upstream":["CVE-2024-28757"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-28757","published":"2024-03-10T05:15:06.570Z","id":"CVE-2024-28757","imported":"2025-10-10T21:54:56.860Z","modified":"2025-03-28T19:15:21.230Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28757"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/03/15/1"},{"type":"WEB","url":"https://github.com/libexpat/libexpat/issues/839"},{"type":"WEB","url":"https://github.com/libexpat/libexpat/pull/842"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20240322-0001/"}],"affected":[{"package":{"name":"Expat_jll","ecosystem":"Julia","purl":"pkg:julia/Expat_jll?uuid=2e619515-83b5-522b-bb60-26c02a35a201"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.6.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-61.json"}}],"schema_version":"1.7.3"}