Description
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python3.9 | fixed | 3.9.1~rc1-1 | | package |
python3.7 | removed | | | package |
python2.7 | removed | | | package |
python2.7 | fixed | 2.7.18-8+deb11u1 | bullseye | package |
pypy3 | fixed | 7.3.5+dfsg-2 | | package |
Notes
https://bugs.python.org/issue42051
https://github.com/python/cpython/issues/86217
https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2)
https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe (v3.9.1rc1)
https://github.com/python/cpython/commit/65894cac0835cb8f469f649e20aa1be8bf89f5ae (v3.8.7rc1)
https://github.com/python/cpython/commit/e512bc799e3864fe3b1351757261762d63471efc (v3.7.10)
https://github.com/python/cpython/commit/a158fb9c5138db94adf24fbc5690467cda811163 (v3.6.13)
EPSS
Related vulnerabilities
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
A vulnerability in the plistlib module of the Python programming language interpreter that allows an attacker to conduct XXE attacks