3 matches found
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2022-27193
The CVRF-CSAF-Converter (Python tool) is vulnerable to XML External Entities (XXE) in versions before 1.0.0-rc2, allowing an attacker to disclose arbitrary local files from the system running the converter. The issue arises from XXE handling in the input processing. Remediation: upgrade to 1.0.0-...