5 matches found

OSV
added 2022/07/26 6:15 a.m. | 2 views

DEBIAN-CVE-2022-33977

untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the...

CVSS: 7.5 | AI score: 6 | EPSS: 0.01369
Exploits: 0 | References: 1
CNNVD
added 2022/07/25 12:0 a.m. | 3 views

untangle security vulnerability

untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A security vulnerability exists in untangle, which stems from improper restriction of XML entities in DTDs. A remote attacker could use this vulnerability to send a...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01369
Exploits: 0 | References: 5
Veracode
added 2020/01/16 3:9 a.m. | 36 views

XML External Entity (XXE) Injection

pyamf is vulnerable to XML external entity (XXE) attacks. The attack exists because the XML parser does not disable the parsing of external DTDs, allowing a remote attacker to inject malicious external DTD entities via an Action Message Format (AMF) payload to retrieve system files or perform request...

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.01378
Exploits: 0 | References: 6 | Affected Software: 1
ThreatPost
added 2015/11/20 4:36 p.m. | 34 views

VMware Patches Pesky XXE Bug in Flex BlazeDS

VMware has patched an information disclosure vulnerability affecting a number of its products that use Flex BlazeDS. The original vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White GmbH. Researchers there found an XML External Entity flaw in Apache Flex BlazeDS...

CVSS: 5 | AI score: 1.5 | EPSS: 0.0954
Exploits: 2 | References: 3
securityvulns
added 2015/08/24 12:0 a.m. | 163 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Flex BlazeDS 4.7.0
Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

CVSS: 5 | AI score: 0.8 | EPSS: 0.0954
Exploits: 2