PyAMF suffers from insufficient AMF input payload sanitization which
results in the XML parser not preventing the processing of XML external
entities (XXE).
A specially crafted AMF payload, containing malicious references to XML
external entities, can be used to trigger denial of service (DoS)
conditions or arbitrarily return the contents of files that are
accessible with the running application privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | python2-pyamf | < 0.8.0-2 | UNKNOWN |