Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

References

CVE-2022-48565

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36107)

WordPress Plugin Comprehensive Google Map Cross-Site Request Forgery (9.1.3)

Tornado Improper Input Validation Vulnerability (CVE-2012-2374)

Jboss EAP Other Vulnerability (CVE-2014-3490)

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

Severity

Critical

Classification

CVE-2022-48565 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities