BIT-python-2022-48565

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/python/BIT-python-2022-48565.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-python-2022-48565

Aliases

CVE-2022-48565

Published

2024-03-06T11:04:23.672Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

References

https://bugs.python.org/issue42051
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/
https://security.netapp.com/advisory/ntap-20231006-0007/

Affected packages

Bitnami / python

Package

Name: python
Purl: pkg:bitnami/python

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.13

Introduced

3.7.0

Fixed

3.7.10

Introduced

3.8.0

Fixed

3.8.7

Introduced

3.9.0

Fixed

3.9.1