CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:33

Type Values Removed Values Added
References () https://bugs.python.org/issue42051 - Exploit, Issue Tracking, Patch, Vendor Advisory () https://bugs.python.org/issue42051 - Exploit, Issue Tracking, Patch, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html - () https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/ -
References () https://security.netapp.com/advisory/ntap-20231006-0007/ - () https://security.netapp.com/advisory/ntap-20231006-0007/ -

Information

Published : 2023-08-22 19:16

Updated : 2024-11-21 07:33


NVD link : CVE-2022-48565

Mitre link : CVE-2022-48565

CVE.ORG link : CVE-2022-48565


JSON object : View

Products Affected

python

  • python

debian

  • debian_linux
CWE
CWE-611

Improper Restriction of XML External Entity Reference