Lucene search

K

GoogleOSV:BIT-PYTHON-2022-48565

HistoryMar 06, 2024 - 11:04 a.m.

BIT-python-2022-48565

2024-03-0611:04:23

Google

osv.dev

26

xml

external entity

python

plistlib

xml vulnerabilities

security

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

64.9%

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

References

bugs.python.org/issue42051

lists.debian.org/debian-lts-announce/2023/09/msg00022.html

lists.debian.org/debian-lts-announce/2023/10/msg00017.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/

security.netapp.com/advisory/ntap-20231006-0007/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

64.9%

Related for OSV:BIT-PYTHON-2022-48565

openvas17 nessus25 osv10 cloudlinux1 prion1 ubuntu2 debiancve1 redhatcve1 fedora3 amazon4 cvelist1 cve1 veracode1 ubuntucve1 nvd1 ibm4 f51 redos1 almalinux1 redhat1 oraclelinux1 debian2 mageia1 photon1