Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

References

CVE-2022-48565

Related Vulnerabilities

WordPress Plugin ZdStatistics Cross-Site Scripting (2.0.1)

WordPress Plugin Companion Revision Manager-Revision Control Unspecified Vulnerability (1.3)

Moodle Improper Input Validation Vulnerability (CVE-2013-2083)

PHP Other Vulnerability (CVE-2007-1399)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)

Severity

Critical

Classification

CVE-2022-48565 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities