Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-f83q-2cp7-qrjg: untangle before 1.2.1 vulnerable to Improper Restriction of XML External Entity Reference

Impact

An attacker may be able to read the contents of local files. This affects untangle versions up to and including 1.2.0

Patches

The problem has been fixed with version 1.2.1

Workarounds

None

References

https://jvn.jp/en/jp/JVN30454777/

For more information

If you have any questions or comments about this advisory:

ghsa
Open in Source
#git

untangle before 1.2.1 vulnerable to Improper Restriction of XML External Entity Reference

High severity GitHub Reviewed Published Aug 6, 2022 in stchris/untangle • Updated Aug 6, 2022

Related news

CVE-2022-33977: JVN#30454777: Multiple vulnerabilities in untangle

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa