Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

References

CVE-2022-48565

Related Vulnerabilities

WordPress Plugin Import CSV Directory Traversal (1.0)

WordPress Plugin CevherShare Multiple Vulnerabilities (2.1)

WordPress Plugin UpdraftPlus WordPress Backup Security Bypass (1.22.1)

WordPress Inadequate Encryption Strength Vulnerability (CVE-2012-6707)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.6.2)

Severity

Critical

Classification

CVE-2022-48565 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities