Опубликовано: 23 авг. 2023
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5
Описание
json2xml Uncaught Exception vulnerability
The json2xml package for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-25024
- https://github.com/vinitkumar/json2xml/issues/106
- https://github.com/vinitkumar/json2xml/pull/107
- https://github.com/vinitkumar/json2xml/pull/107/files
- https://github.com/vinitkumar/json2xml/commit/a9cd75b61329801b47a8fba7473bce6c85a38b9b
- https://github.com/pypa/advisory-database/tree/main/vulns/json2xml/PYSEC-2023-149.yaml
- https://packaging.python.org/en/latest/guides/analyzing-pypi-package-downloads
Пакеты
Наименование
json2xml
pip
Затронутые версииВерсия исправления
< 3.14.0
3.14.0
Связанные уязвимости
CVSS3: 7.5
nvd
больше 2 лет назад
The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.