CVE-2022-33977

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-33977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33977.json

Aliases

GHSA-7xr3-6ggc-wc9p
PYSEC-2022-243

Published

2022-07-26T06:15:08Z

Modified

2023-11-29T09:46:19.934065Z

Details

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

References

https://github.com/stchris/untangle
https://github.com/stchris/untangle/releases/tag/1.2.1
https://jvn.jp/en/jp/JVN30454777/

Affected packages

Git / github.com/stchris/untangle

Affected ranges

Type: GIT
Repo: https://github.com/stchris/untangle
Events: Introduced

0The exact introduced commit is unknown

Last affected

42e4b3a0132457ddca281e6f63501228c1532db5

Affected versions

0.*

0.1

0.2

0.3

0.3.1

0.4.0

1.*

1.0.0

1.1.0

1.1.1

1.2.0