BIT-libpython-2022-48565

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2022-48565.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-libpython-2022-48565

Aliases

Published

2025-08-11T13:52:14.793Z

Modified

2025-09-05T17:12:05.671731Z

Summary

[none]

Details

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Database specific

{
    "cpes": [
        "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}

References

Affected packages

Bitnami / libpython

Package

Name: libpython
Purl: pkg:bitnami/libpython

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.13

Introduced

3.7.0

Fixed

3.7.10

Introduced

3.8.0

Fixed

3.8.7

Introduced

3.9.0

Fixed

3.9.1