CVE-2022-37189

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ddmal:mei2volpiano:*:*:*:*:*:python:*:*

History

21 Nov 2024, 07:14

Type Values Removed Values Added
References () https://docs.python.org/3/library/xml.html#xml-vulnerabilities - Third Party Advisory () https://docs.python.org/3/library/xml.html#xml-vulnerabilities - Third Party Advisory
References () https://github.com/DDMAL/MEI2Volpiano/ - Product, Third Party Advisory () https://github.com/DDMAL/MEI2Volpiano/ - Product, Third Party Advisory
References () https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59 - Patch, Third Party Advisory () https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59 - Patch, Third Party Advisory
References () https://pyup.io/vulnerabilities/CVE-2022-37189/50928/ - Third Party Advisory () https://pyup.io/vulnerabilities/CVE-2022-37189/50928/ - Third Party Advisory

Information

Published : 2022-09-07 13:15

Updated : 2024-11-21 07:14


NVD link : CVE-2022-37189

Mitre link : CVE-2022-37189

CVE.ORG link : CVE-2022-37189


JSON object : View

Products Affected

ddmal

  • mei2volpiano
CWE
CWE-611

Improper Restriction of XML External Entity Reference