CVE-2022-0217

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0217

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0217.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0217

Downstream

DEBIAN-CVE-2022-0217

DSA-5047-1

UBUNTU-CVE-2022-0217

openSUSE-SU-2022:0012-1

openSUSE-SU-2024:11736-1

Related

Published

2022-08-26T18:15:08Z

Modified

2025-08-09T19:01:28Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).

References

Affected packages