Version: latest

CVE-2024-28757

CVE Details

Visit the official vulnerability details page for CVE-2024-28757 to learn more.

Initial Publication

10/25/2024

Last Update

09/02/2025

Third Party Dependency

libexpat

NIST CVE Summary

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVE Severity

7.5

Our Official Summary

This is a high-severity denial-of-service (DoS) vulnerability in libexpat, a widely used C library for parsing XML. Versions up to and including 2.6.1 are affected; the fix is in version 2.6.2. The risk of exploitation for our products is low: an attacker would first have to gain privileged access to the container and run code inside it to be able to exploit this, so the probability of exploitation is very low. Once a libexpat package carrying the upstream fix becomes available for the affected images, it will be adopted to resolve this vulnerability.
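The practical question for an operator is whether the libexpat actually shipped in a given image is older than the fixed release. The following POSIX shell script is an added example, not part of this advisory or of the Palette/VerteX products: it reads the installed package version via dpkg-query or rpm (falling back to the version macros in /usr/include/expat.h if the headers are present), strips any distribution epoch or release suffix, and compares the result against 2.6.2. The package names libexpat1 (Debian/Ubuntu) and expat (RPM-based distributions) are the usual ones but are assumptions here; adjust them for your base image.

```sh
#!/bin/sh
# Added example: check whether the installed libexpat predates the CVE-2024-28757 fix.
# Not part of the advisory; package names below are assumptions for common distros.

FIXED_EXPAT_VERSION="2.6.2"   # first upstream release with the fix

# Reduce a distro package version such as "1:2.5.0-1ubuntu1" or "2.6.1-r0"
# to its upstream dotted form ("2.5.0", "2.6.1").
expat_base_version() {
    printf '%s\n' "$1" | sed -E 's/^[0-9]+://; s/^([0-9]+(\.[0-9]+)*).*/\1/'
}

# Return 0 (true) if dotted version $1 >= dotted version $2, comparing numerically
# component by component; missing trailing components count as 0.
version_ge() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Return 0 (true) if the given package version string is still affected.
expat_affected() {
    v=$(expat_base_version "$1")
    if version_ge "$v" "$FIXED_EXPAT_VERSION"; then
        return 1
    fi
    return 0
}

# Print the installed libexpat version, trying the package manager first and the
# public header last. Returns 1 if nothing could be found.
installed_expat_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' libexpat1 2>/dev/null && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' expat 2>/dev/null && return 0
    fi
    if [ -r /usr/include/expat.h ]; then
        awk '/#define XML_(MAJOR|MINOR|MICRO)_VERSION/ { v[$2] = $3 }
             END { print v["XML_MAJOR_VERSION"] "." v["XML_MINOR_VERSION"] "." v["XML_MICRO_VERSION"] }' \
            /usr/include/expat.h
        return 0
    fi
    return 1
}

# Stand-alone use: report the verdict for the host or container this runs in.
if v=$(installed_expat_version); then
    if expat_affected "$v"; then
        echo "libexpat $v: affected by CVE-2024-28757 (fixed in $FIXED_EXPAT_VERSION)"
    else
        echo "libexpat $v: not affected (>= $FIXED_EXPAT_VERSION)"
    fi
else
    echo "libexpat not found via dpkg-query, rpm or /usr/include/expat.h"
fi
```

Run it inside the container image (for example with `kubectl exec` or `docker run --rm --entrypoint sh IMAGE -c "$(cat check.sh)"`). One caveat: distributions sometimes backport the fix into an older version number (a Debian 2.5.0-1+deb12uN package may already contain the 2.6.2 patch), so a version-string comparison can produce false positives; confirm against the distribution's security tracker before treating a hit as exploitable.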

Status

Ongoing

Affected Products & Versions

Version   Palette Enterprise   Palette Enterprise Airgap   VerteX        VerteX Airgap
4.7.16    ⚠️ Impacted          ✅ No Impact                ⚠️ Impacted   ⚠️ Impacted
4.6.41    ⚠️ Impacted          ✅ No Impact                ⚠️ Impacted   ✅ No Impact
4.5.22    ⚠️ Impacted          ✅ No Impact                ⚠️ Impacted   ✅ No Impact
4.4.20    ⚠️ Impacted          ⚠️ Impacted                 ⚠️ Impacted   ⚠️ Impacted

Revision History

Date         Revision
08/18/2025   Advisory assigned with HIGH severity
05/29/2025   Official summary added