DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.
References
Link | Resource |
---|---|
https://docs.python.org/3/library/xml.html#xml-vulnerabilities | Third Party Advisory |
https://github.com/DDMAL/MEI2Volpiano/ | Product Third Party Advisory |
https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59 | Patch Third Party Advisory |
https://pyup.io/vulnerabilities/CVE-2022-37189/50928/ | Third Party Advisory |
https://docs.python.org/3/library/xml.html#xml-vulnerabilities | Third Party Advisory |
https://github.com/DDMAL/MEI2Volpiano/ | Product Third Party Advisory |
https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59 | Patch Third Party Advisory |
https://pyup.io/vulnerabilities/CVE-2022-37189/50928/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.python.org/3/library/xml.html#xml-vulnerabilities - Third Party Advisory | |
References | () https://github.com/DDMAL/MEI2Volpiano/ - Product, Third Party Advisory | |
References | () https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59 - Patch, Third Party Advisory | |
References | () https://pyup.io/vulnerabilities/CVE-2022-37189/50928/ - Third Party Advisory |
Information
Published : 2022-09-07 13:15
Updated : 2024-11-21 07:14
NVD link : CVE-2022-37189
Mitre link : CVE-2022-37189
CVE.ORG link : CVE-2022-37189
JSON object : View
Products Affected
ddmal
- mei2volpiano
CWE
CWE-611
Improper Restriction of XML External Entity Reference