GHSA-7xr3-6ggc-wc9p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7xr3-6ggc-wc9p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-7xr3-6ggc-wc9p/GHSA-7xr3-6ggc-wc9p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7xr3-6ggc-wc9p
- Aliases
- Published
- 2022-08-06T05:30:56Z
- Modified
- 2024-11-18T23:22:44.741950Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- untangle vulnerable to XML Entity Expansion
- Details
-
Impact
An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0
Patches
The problem has been fixed with version 1.2.1
Workarounds
None
References
https://jvn.jp/en/jp/JVN30454777/
For more information
If you have any questions or comments about this advisory: * Open an issue
- Database specific
{ "nvd_published_at": "2022-07-26T06:15:00Z", "cwe_ids": [ "CWE-776" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-08-06T05:30:56Z" }- References
-
- https://github.com/stchris/untangle/security/advisories/GHSA-7xr3-6ggc-wc9p
- https://nvd.nist.gov/vuln/detail/CVE-2022-33977
- https://github.com/pypa/advisory-database/tree/main/vulns/untangle/PYSEC-2022-243.yaml
- https://github.com/stchris/untangle
- https://github.com/stchris/untangle/releases/tag/1.2.1
- https://jvn.jp/en/jp/JVN30454777
Affected packages
PyPI / untangle
Package
- Name
- untangle
- View open source insights on deps.dev
- Purl
- pkg:pypi/untangle