CVE-2016-15026

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-15026

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15026.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-15026

Aliases

GHSA-4jx2-hvqw-93j9

Published

2023-02-20T11:15:12Z

Modified

2024-05-17T07:49:58.719889Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/3breadt/dd-plist

Affected ranges

Type: GIT
Repo: https://github.com/3breadt/dd-plist
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8c954e8d9f6f6863729e50105a8abf3f87fff74c

Affected versions

dd-plist-1.*

dd-plist-1.16

dd-plist-1.17