Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.11 views

CVE-2022-31471

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/08/06 5:30 a.m.3 views

bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-31471 via untangle (=1.1.1)

untangle PYPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted: - bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1 Source cves: CVE-2022-31471 Source advisory: OSV:GHSA-F83Q-2CP7-QRJG...

7.5CVSS6.4AI score0.01336EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/07/26 6:15 a.m.2 views

CVE-2022-31471

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...

7.5CVSS5.6AI score0.01336EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/07/26 6:15 a.m.3 views

bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-31471 via untangle (=1.1.1)

untangle PYPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted: - bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1 Source cves: CVE-2022-31471 Source advisory: OSV:PYSEC-2022-244...

7.5CVSS6.4AI score0.01336EPSS
Exploits0
CVE
CVE
added 2022/07/26 5:10 a.m.80 views

CVE-2022-31471

The vulnerability CVE-2022-31471 affects the Python library untangle (versions up to and including 1.2.0). The root cause is improper restriction of XML External Entity (XXE) references, enabling a remote unauthenticated attacker to read local files. A fixed release is available (version 1.2.1 )....

7.5CVSS7.3AI score0.01336EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder