Количество 2
Количество 2
CVE-2020-27197
TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group.
GHSA-836c-xg97-8p4h
libtaxii Server-Side Request Forgery vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-27197 TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group. | CVSS3: 9.8 | 0% Низкий | больше 5 лет назад |
| GHSA-836c-xg97-8p4h libtaxii Server-Side Request Forgery vulnerability | CVSS3: 9.8 | 0% Низкий | почти 5 лет назад |
Уязвимостей на страницу