CVE-2022-33977
CVE-2022-33977 affects the Python library untangle (versions ≤ 1.2.0). The root cause is improper handling of recursive entity references in DTDs, which can allow a remote unauthenticated attacker to trigger a DoS condition on the server running the product. The advisory in the connected GHSA ent...
CVE-2022-31471
The vulnerability CVE-2022-31471 affects the Python library untangle (versions up to and including 1.2.0). The root cause is improper restriction of XML External Entity (XXE) references, enabling a remote unauthenticated attacker to read local files. A fixed release is available (version 1.2.1)....