Description
XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
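As an added example (not code from the CVRF-CSAF-Converter project, and not a description of how the project fixed the issue), a pre-parse check that rejects CVRF input carrying a DOCTYPE or entity declarations, built on Python's standard-library expat bindings. The function names and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when the input uses the DTD features that XXE depends on."""


def check_no_dtd(xml_bytes: bytes) -> None:
    """Raise ForbiddenXML on any DOCTYPE, entity declaration or external
    entity reference; return None when the document has none of them."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name!r}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference not allowed: {sysid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)  # handler exceptions propagate from here
    except xml.parsers.expat.ExpatError as exc:
        raise ForbiddenXML(f"not well-formed XML: {exc}") from exc


def is_safe(xml_bytes: bytes) -> bool:
    """True when the document may be handed on to the real parser."""
    try:
        check_no_dtd(xml_bytes)
    except ForbiddenXML:
        return False
    return True


# Constructed sample inputs (simplified, not real CVRF advisories).
PLAIN_DOC = (b'<?xml version="1.0"?>'
             b'<cvrfdoc><DocumentTitle>Constructed sample</DocumentTitle></cvrfdoc>')
ENTITY_DOC = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE cvrfdoc [<!ENTITY x SYSTEM "file:///placeholder/constructed.txt">]>'
              b'<cvrfdoc><DocumentTitle>&x;</DocumentTitle></cvrfdoc>')

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN_DOC), ("entity", ENTITY_DOC)):
        print(label, "accepted" if is_safe(doc) else "rejected")
```

Running the check on untrusted input before conversion means a document that declares entities is refused outright, so nothing it references can reach the generated output.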
Packages
Name: cvrf2csaf (pip)
Affected versions: <= 1.0.0rc1
Fixed version: 1.0.0rc2
Related vulnerabilities
CVSS3: 6.1
nvd
almost 4 years ago
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.