CVE-2022-37189

Опубликовано: 07 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.

Ссылки

https://docs.python.org/3/library/xml.html#xml-vulnerabilities
Third Party Advisory
https://github.com/DDMAL/MEI2Volpiano/
Product
Third Party Advisory
https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59
Patch
Third Party Advisory
https://pyup.io/vulnerabilities/CVE-2022-37189/50928/
Third Party Advisory
https://docs.python.org/3/library/xml.html#xml-vulnerabilities
Third Party Advisory
https://github.com/DDMAL/MEI2Volpiano/
Product
Third Party Advisory
https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59
Patch
Third Party Advisory
https://pyup.io/vulnerabilities/CVE-2022-37189/50928/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ddmal:mei2volpiano:*:*:*:*:*:python:*:*

Версия до 0.8.2 (включая)

EPSS

Процентиль: 61%

0.00406

Низкий

7.5 High

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-6xm7-3cc5-47f9