CVE-2022-37189

EPSS 0.43%
Veröffentlicht 07.09.2022 13:15:09
Zuletzt bearbeitet 21.11.2024 07:14:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ddmal ≫ Mei2volpiano SwPlatformpython Version <= 0.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.622

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://docs.python.org/3/library/xml.html#xml-vulnerabilities

Third Party Advisory

https://github.com/DDMAL/MEI2Volpiano/

Third Party Advisory

Product

https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59

Patch

Third Party Advisory

https://pyup.io/vulnerabilities/CVE-2022-37189/50928/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37189

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-37189