GHSA-x64m-686f-fmm3

Published: May 17, 2022
Source: GitHub
GitHub: Reviewed

Description

XML External Entity (XXE) in Django

The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

Packages

Name: Django (pip)
Affected versions: >= 1.3.0, < 1.3.6
Fixed version: 1.3.6

Name: Django (pip)
Affected versions: >= 1.4.0, < 1.4.4
Fixed version: 1.4.4

EPSS

Percentile: 86%
0.02995
Low

Weaknesses

CWE-200
CWE-611

Related vulnerabilities

ubuntu
almost 13 years ago

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

redhat
almost 13 years ago

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

nvd
almost 13 years ago

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

debian
almost 13 years ago

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...
