Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tOGdxLTgzZ2gtdjQyds0zFA
XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
Permalink: https://github.com/advisories/GHSA-m8gq-83gh-v42v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tOGdxLTgzZ2gtdjQyds0zFA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Identifiers: GHSA-m8gq-83gh-v42v, CVE-2022-27193
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-27193
- https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2
- https://github.com/advisories/GHSA-m8gq-83gh-v42v
Blast Radius: 0.0
Affected Packages
pypi:cvrf2csaf
Dependent packages: 0
Dependent repositories: 1
Downloads: 187 last month
Affected Version Ranges: <= 1.0.0rc1
Fixed in: 1.0.0rc2
All affected versions: 1.0.0-rc1
All unaffected versions: 1.0.0