exploitDog

CVE-2020-29128

Опубликовано: 26 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

petl before 1.68, in some configurations, allows resolution of entities in an XML document.

Ссылки

https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md
Third Party Advisory
https://github.com/petl-developers/petl/compare/v1.6.7...v1.6.8
Patch
Third Party Advisory
https://github.com/petl-developers/petl/issues/526
Issue Tracking
Third Party Advisory
https://github.com/petl-developers/petl/pull/527
Patch
Third Party Advisory
https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8
Patch
Third Party Advisory
https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347
Third Party Advisory
https://petl.readthedocs.io/en/stable/changes.html
Release Notes
Vendor Advisory
https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md
Third Party Advisory
https://github.com/petl-developers/petl/compare/v1.6.7...v1.6.8
Patch
Third Party Advisory
https://github.com/petl-developers/petl/issues/526
Issue Tracking
Third Party Advisory
https://github.com/petl-developers/petl/pull/527
Patch
Third Party Advisory
https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8
Patch
Third Party Advisory
https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347
Third Party Advisory
https://petl.readthedocs.io/en/stable/changes.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:petl_project:petl:*:*:*:*:*:*:*:*

Версия до 1.6.8 (исключая)

EPSS

Процентиль: 83%

0.01877

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-91

Связанные уязвимости

GHSA-f5gc-p5m3-v347

CVSS3: 9.8

github

около 5 лет назад

XXE in petl

EPSS

Процентиль: 83%

0.01877

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-91