Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Published

2023-08-22T19:16:32.007

Last Modified

2024-11-21T07:33:30.950

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	python	python	< 3.6.13	Yes
Application	python	python	< 3.7.10	Yes
Application	python	python	< 3.8.7	Yes
Application	python	python	< 3.9.1	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://bugs.python.org/issue42051 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/ ([email protected])
https://security.netapp.com/advisory/ntap-20231006-0007/ ([email protected])
https://bugs.python.org/issue42051 Exploit, Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231006-0007/ (af854a3a-2127-422b-91ae-364da2661108)