Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

References

CVE-2022-48565

Related Vulnerabilities

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9)

MySQL CVE-2018-2667 Vulnerability (CVE-2018-2667)

WordPress Plugin Car Rental by BestWebSoft Cross-Site Scripting (1.0.4)

WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)

WordPress Plugin YITH WooCommerce Wishlist Security Bypass (2.2.13)

Severity

Critical

Classification

CVE-2022-48565 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities