{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61167?format=json","vulnerability_id":"VCID-sr97-j3zq-tqgr","summary":"Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.","aliases":[{"alias":"CVE-2024-13971"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-13971","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08884","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-13971"},{"reference_url":"https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/","reference_id":"schutzwerk-sa-2024-005","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/V:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T13:15:29Z/"}],"url":"https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/"}],"weaknesses":[{"cwe_id":611,"name":"Improper Restriction of XML External Entity Reference","description":"The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output."}],"exploits":[],"severity_range_score":"7.7 - 7.7","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr97-j3zq-tqgr"}