What is GHSA-cv2m-jfc5-xx45?

GHSA-cv2m-jfc5-xx45 is a security advisory published by GitHub Security Advisories with High severity. Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro...

Which CVE IDs does GHSA-cv2m-jfc5-xx45 cover?

GHSA-cv2m-jfc5-xx45 covers the following CVE IDs: CVE-2024-13971. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-cv2m-jfc5-xx45?

GHSA-cv2m-jfc5-xx45 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-cv2m-jfc5-xx45HighCVSS 7.5

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro...

Vendor

GitHub Security Advisories

Published

April 30, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2024-13971 →

📋 Description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2024-13971
https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005
http://seclists.org/fulldisclosure/2026/May/1
https://github.com/advisories/GHSA-cv2m-jfc5-xx45