CVSS 7.5 · HIGH

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.


Analysis

Lobster_pro versions before 4.12.6-GA are vulnerable to an unauthenticated XML External Entity (XXE) injection flaw (CWE-611): the XML parser resolves external entities supplied in attacker-controlled documents. An attacker can exploit this to read files from the application server and from network shares reachable from it, or to make the server issue HTTP GET requests to arbitrary internal or external services (server-side request forgery). The impact is confined to confidentiality (C:H, I:N, A:N); the description gives no evidence of write or code-execution primitives. The fix is to upgrade to 4.12.6-GA or later; as a general mitigation for this class of bug, the parser should be configured to reject DTDs or at least to disable external entity resolution.
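To make the mechanism concrete, here is an added example (not Lobster_pro code, and not a model of its parser, whose implementation language the page does not state) using Python's standard-library expat bindings. It shows the vulnerable behaviour on a constructed XXE document, which leaks a throwaway file created by the example and records the URL the resolver was asked to fetch for the SSRF case without issuing a request, beside a hardened parser that refuses any DOCTYPE. The secret file, its contents and the metadata-service URL are constructed for the example.

```python
"""CWE-611 in miniature: a parser that resolves external entities (the
behaviour behind the file-read and HTTP GET primitives) next to one that
refuses DOCTYPE declarations. Constructed example on Python's stdlib expat
bindings; it is not Lobster_pro code and does not model its parser."""
import os
import tempfile
import xml.parsers.expat
from pathlib import Path
from urllib.parse import urlparse
from urllib.request import url2pathname


def write_secret(contents: bytes = b"db_password=hunter2") -> str:
    """Create a throwaway file standing in for a sensitive server-side file."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(contents)
    return path


def file_uri(path: str) -> str:
    """file:// URI for an absolute local path, as an XXE payload would carry."""
    return Path(path).as_uri()


def xxe_payload(system_id: str) -> bytes:
    """Classic XXE document: declare an external entity, then reference it."""
    return (
        '<?xml version="1.0"?>'
        f'<!DOCTYPE r [<!ENTITY xxe SYSTEM "{system_id}">]>'
        "<r>&xxe;</r>"
    ).encode()


def parse_resolving_external_entities(xml_bytes: bytes):
    """Deliberately vulnerable configuration.

    Installing an ExternalEntityRefHandler makes expat hand every external
    entity reference to application code. Here file:// URLs are read from
    disk and their contents become part of the parsed text; any other scheme
    is only recorded as a URL the resolver was asked to fetch (the SSRF
    primitive; no network request is made in this example).
    Returns (parsed_text, list_of_system_ids_requested).
    """
    chunks, requested = [], []
    parser = xml.parsers.expat.ParserCreate()

    def resolve(context, base, system_id, public_id):
        requested.append(system_id)
        url = urlparse(system_id)
        if url.scheme == "file":
            with open(url2pathname(url.path), "rb") as fh:
                data = fh.read()
            # Parse the fetched bytes as the entity's replacement text so they
            # land in the document's character data.
            sub = parser.ExternalEntityParserCreate(context)
            sub.CharacterDataHandler = chunks.append
            sub.Parse(data, True)
        return 1  # tell expat the reference was handled

    parser.ExternalEntityRefHandler = resolve
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_bytes, True)
    return "".join(chunks), requested


def parse_rejecting_doctype(xml_bytes: bytes) -> str:
    """Hardened configuration: no DOCTYPE means no entity declarations at all,
    so neither external entities nor entity-expansion DoS can be introduced.
    No ExternalEntityRefHandler is installed either, so even if a DOCTYPE
    slipped through, expat would skip external references instead of fetching."""
    chunks = []
    parser = xml.parsers.expat.ParserCreate()

    def reject(name, system_id, public_id, has_internal_subset):
        raise ValueError(f"DOCTYPE '{name}' rejected: DTDs are not accepted")

    parser.StartDoctypeDeclHandler = reject
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


if __name__ == "__main__":
    secret = write_secret()
    text, urls = parse_resolving_external_entities(xxe_payload(file_uri(secret)))
    print("vulnerable parser leaked:", text, "via", urls)
    _, urls = parse_resolving_external_entities(
        xxe_payload("http://169.254.169.254/latest/meta-data/"))
    print("vulnerable parser was asked to fetch:", urls)
    try:
        parse_rejecting_doctype(xxe_payload(file_uri(secret)))
    except ValueError as exc:
        print("hardened parser:", exc)
    print("hardened parser on clean input:", parse_rejecting_doctype(b"<r>ok</r>"))
```

The point of the hardened variant is that it fails closed at the DOCTYPE rather than trying to filter individual entity declarations: a parser that never sees a DTD cannot be talked into fetching files or URLs, and the same setting also blocks parameter-entity and entity-expansion tricks. For other XML stacks the equivalent is whatever switch disables DTD processing (or, failing that, external general and parameter entities), applied to every parser instance the application creates.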

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness type (CWE): CWE-611 (Improper Restriction of XML External Entity Reference)

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.02%)
Percentile: 6.3%
EPSS score date: 2026-05-06

Affects

lobster-world:lobster_pro

Published: 2026-04-30 13:16:02
Last modified: 2026-05-06 20:19:22
