Published: 22/08/2023 Updated: 07/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

An XML External Entity (XXE) issue exists in Python up to and including 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python
debian debian linux 10.0

An XML External Entity (XXE) issue was discovered in Python through 391 The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities (CVE-2022-48565) ...

CWE-611 https://bugs.python.org/issue42051 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://security.netapp.com/advisory/ntap-20231006-0007/https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2023-1880.html

CVE-2022-48565

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect