Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

References

CVE-2022-48565

Related Vulnerabilities

WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (4.1)

Atlassian Jira Missing Authorization Vulnerability (CVE-2019-15013)

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-2667)

WordPress Plugin Placemarks Cross-Site Scripting (2.0.0)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8120)

Severity

Critical

Classification

CVE-2022-48565 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities