9 matches found
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
EUVD-2022-1470
Malicious code in bioql PyPI...
GHSA-M8GQ-83GH-V42V XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
Xxe
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2022-27193
The CVRF-CSAF-Converter (Python tool) is vulnerable to XML External Entities (XXE) in versions before 1.0.0-rc2, allowing an attacker to disclose arbitrary local files from the system running the converter. The issue arises from XXE handling in the input processing. Remediation: upgrade to 1.0.0-...
PT-2022-18280
Name of the Vulnerable Software and Affected Versions CVRF-CSAF-Converter versions prior to 1.0.0-rc2 Description The issue allows for the inclusion of arbitrary local file content into the generated output document due to XML External Entities XXE. This can be exploited by an attacker to disclos...