Описание
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.2.1-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | not-affected | 1.2.1-1 |
| trusty | DNE | |
| upstream | released | 1.2.1-1 |
| xenial | DNE |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.
untangle is a python library to convert XML data to python objects. un ...
untangle vulnerable to Improper Restriction of XML External Entity Reference
EPSS
7.5 High
CVSS3