Lucene search
GoogleOSV:GHSA-M7M4-4VM8-55WGHistoryMay 24, 2022 - 5:06 p.m.
PyAMF vulnerable to XML external entity (XXE)
2022-05-2417:06:13
Google
osv.dev
5
pyamf
xml external entity
xxe
vulnerability
denial of service
arbitrary files
amf payload
EPSS
0.002
Percentile
54.8%
PyAMF provides Action Message Format (AMF) support for Python that is compatible with the Adobe Flash Player. It includes integration with Python web frameworks like Django, Pylons, Twisted, SQLAlchemy, web2py and more. XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
References
www.ocert.org/advisories/ocert-2015-011.html
github.com/advisories/GHSA-m7m4-4vm8-55wg
github.com/hydralabs/pyamf
github.com/hydralabs/pyamf/pull/58
github.com/hydralabs/pyamf/releases/tag/v0.8.0
github.com/pypa/advisory-database/tree/main/vulns/pyamf/PYSEC-2020-339.yaml
nvd.nist.gov/vuln/detail/CVE-2015-8549
Related
nessus
nessus
cvelist
cvelist
CVE-2015-8549
2020-01-15 14:48:19
freebsd
freebsd
py-amf -- input sanitization errors
2015-12-01 00:00:00
archlinux
archlinux
python2-pyamf: XML external entity injection
2015-12-17 00:00:00
cve
cve
CVE-2015-8549
2020-01-15 15:15:11
veracode
veracode
XML External Entity (XXE) Injection
2020-01-16 03:09:07
osv
osv
PYSEC-2020-339
2020-01-15 15:15:00
prion
prion
Xxe
2020-01-15 15:15:00
github
github
PyAMF vulnerable to XML external entity (XXE)
2022-05-24 17:06:13
nvd
nvd
CVE-2015-8549
2020-01-15 15:15:11