Lucene search

[email protected]CVE-2022-37189

HistorySep 07, 2022 - 1:15 p.m.

CVE-2022-37189

2022-09-0713:15:09

CWE-611

[email protected]

web.nvd.nist.gov

ddmal mei2volpiano

0.8.2

xxe

denial of service

xml external entity

nvd

cve-2022-37189

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

59.2%

JSON

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe ‘xml.etree’ library to parse untrusted XML input.

Affected configurations

NVD

Node

ddmalmei2volpianoRange≤0.8.2python

CPENameOperatorVersion
ddmal:mei2volpianoddmal mei2volpianole0.8.2

CPE	Name	Operator	Version
ddmal:mei2volpiano	ddmal mei2volpiano	le	0.8.2

References

docs.python.org/3/library/xml.html#xml-vulnerabilities

github.com/DDMAL/MEI2Volpiano/

github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59

pyup.io/vulnerabilities/CVE-2022-37189/50928/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for CVE-2022-37189

osv2 veracode1 cvelist1 prion1 nvd1 github1