Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-55875 PoC — http4k has a potential XXE (XML External Entity Injection) vulnerability

Source
https://github.com/JAckLosingHeart/CVE-2024-55875
Associated Vulnerability
Title:http4k has a potential XXE (XML External Entity Injection) vulnerability (CVE-2024-55875)
Description:http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue.
Description
CVE-2024-55875 | GHSA-7mj5-hjjj-8rgw | http4k first CVE
Readme
# CVE-2024-55875
CVE-2024-55875/GHSA-7mj5-hjjj-8rgw/http4k first CVE

POC -> https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw
File Snapshot

 [4.0K]  /data/pocs/6bf42bfc148e470a84cd5c6236e209a8dd1aafce
└── [ 150]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →