Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

References

CVE-2022-48565

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0060)

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2012-1170)

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)

WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)

WordPress 5.4.x PHP Object Injection (5.4 - 5.4.5)

Severity

Critical

Classification

CVE-2022-48565 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities