CVE-2022-48565

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48565

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48565.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-48565

Aliases

BIT-python-2022-48565

Related

Published

2023-08-22T19:16:32Z

Modified

2024-09-18T03:24:29.024872Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

References

Affected packages

Debian:11 / pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.5+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.5+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.5+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / python2.7

Package

Name: python2.7
Purl: pkg:deb/debian/python2.7?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-8+deb11u1

Affected versions

2.*

2.7.18-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / python3.9

Package

Name: python3.9
Purl: pkg:deb/debian/python3.9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.1~rc1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

fa919fdf2583bdfead1df00e842f24f30b2a34bf

Fixed

6503f05dd59e26a9986bdea097b3da9b3546f45b

Affected versions

v3.*

v3.8.0

v3.8.1

v3.8.1rc1

v3.8.2

v3.8.2rc1

v3.8.2rc2

v3.8.3

v3.8.3rc1

v3.8.4

v3.8.4rc1

v3.8.5

v3.8.6

v3.8.6rc1

v3.8.7rc1