Published: 24 May 2022
Source: github
GitHub: Reviewed
CVSS4: 7.2
CVSS3: 7.1
Description
PyAMF vulnerable to XML external entity (XXE)
PyAMF provides Action Message Format (AMF) support for Python that is compatible with the Adobe Flash Player. It includes integration with Python web frameworks like Django, Pylons, Twisted, SQLAlchemy, web2py and more. XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-8549
- https://github.com/hydralabs/pyamf/pull/58
- https://github.com/advisories/GHSA-m7m4-4vm8-55wg
- https://github.com/hydralabs/pyamf/releases/tag/v0.8.0
- https://github.com/pypa/advisory-database/tree/main/vulns/pyamf/PYSEC-2020-339.yaml
- https://pypi.org/project/pyamf
- http://www.ocert.org/advisories/ocert-2015-011.html
Packages
Name: pyamf (pip)
Affected versions: < 0.8.0
Fixed version: 0.8.0
Related vulnerabilities
CVSS3: 7.1
nvd
about 6 years ago
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
CVSS3: 7.1
debian
about 6 years ago
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows r ...