CVE-2024-37388 | lxml up to 4.9.0 XML ebookmeta.get_metadata xml external entity reference (Issue 16)

CVE-2024-37388 | lxml up to 4.9.0 XML ebookmeta.get_metadata xml external entity reference (Issue 16)

A vulnerability, which was classified as problematic, was found in lxml up to 4.9.0. Affected is the function ebookmeta.get_metadata of the component XML Handler. The manipulation leads to xml external entity reference. This vulnerability is traded as CVE-2024-37388. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.