Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03eHIzLTZnZ2Mtd2M5cM4AAt2c
untangle vulnerable to XML Entity Expansion
Impact
An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0
Patches
The problem has been fixed with version 1.2.1
Workarounds
None
References
https://jvn.jp/en/jp/JVN30454777/
For more information
If you have any questions or comments about this advisory:
- Open an issue
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03eHIzLTZnZ2Mtd2M5cM4AAt2c
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 9 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-7xr3-6ggc-wc9p, CVE-2022-33977
References:
- https://github.com/stchris/untangle/security/advisories/GHSA-7xr3-6ggc-wc9p
- https://nvd.nist.gov/vuln/detail/CVE-2022-33977
- https://github.com/pypa/advisory-database/tree/main/vulns/untangle/PYSEC-2022-243.yaml
- https://github.com/stchris/untangle
- https://github.com/stchris/untangle/releases/tag/1.2.1
- https://jvn.jp/en/jp/JVN30454777/
- https://github.com/advisories/GHSA-7xr3-6ggc-wc9p
Blast Radius: 18.4
Affected Packages
pypi:untangle
Dependent packages: 11Dependent repositories: 285
Downloads: 150,369 last month
Affected Version Ranges: < 1.2.1
Fixed in: 1.2.1
All affected versions: 0.3.1, 0.4.0, 1.0.0, 1.1.0, 1.1.1, 1.2.0
All unaffected versions: 1.2.1