2 matches found
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-31471 via untangle (=1.1.1)
untangle PyPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted:
- bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1
Source CVEs: CVE-2022-31471
Source advisory: OSV:PYSEC-2022-244...
PT-2022-20749 · Untangle · Untangle
Name of the Vulnerable Software and Affected Versions: untangle versions 1.2.0 and earlier
Description: untangle is a Python library to convert XML data to Python objects. It improperly restricts XML external entity references, allowing a remote unauthenticated attacker to read the contents of...