CVE-2022-27193

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-27193
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27193.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-27193
Aliases
Published
2022-03-15T05:15:07Z
Modified
2025-01-14T10:53:27.645863Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.

References

Affected packages

Git / github.com/csaf-tools/cvrf-csaf-converter

Affected ranges

Type
GIT
Repo
https://github.com/csaf-tools/cvrf-csaf-converter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.0.0-alpha