Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kxrm-seuh-hyb9

Summary Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

Aliases

alias	CVE-2024-28982

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28982

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45874
published_at	2026-06-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.46019
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28982

Weaknesses

cwe_id	776
name	Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
description	The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

Exploits

Severity_range_score 7.1 - 7.1

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxrm-seuh-hyb9

Vulnerability Instance