CVE-2023-22377

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22377

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22377.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22377

Published

2023-02-15T01:15:10Z

Modified

2025-03-19T20:54:42.252844Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

References

Affected packages

Git / github.com/tsclinical/tsc-desktop

Affected ranges

Type: GIT
Repo: https://github.com/tsclinical/tsc-desktop
Events: Introduced

12efb4261d1d3ae3fd574692d9b9a0f095f0562c

Fixed

ddc15d5feb04347c09f07413dc8600b3603a4b7d

Affected versions

1.*

1.0.3

1.1.0