3 matches found
CVE-2022-33977
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-33977 via untangle (=1.1.1)
untangle PYPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted: - bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1 Source cves: CVE-2022-33977 Source advisory: OSV:GHSA-7XR3-6GGC-WC9P...
CVE-2022-33977
CVE-2022-33977 affects the Python library untangle (versions ≤ 1.2.0). The root cause is improper handling of recursive entity references in DTDs, which can allow a remote unauthenticated attacker to trigger a DoS condition on the server running the product. The advisory in the connected GHSA ent...