GHSA-m7m4-4vm8-55wg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m7m4-4vm8-55wg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m7m4-4vm8-55wg/GHSA-m7m4-4vm8-55wg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m7m4-4vm8-55wg
- Aliases
-
- CVE-2015-8549
- PYSEC-2020-339
- Published
- 2022-05-24T17:06:13Z
- Modified
- 2024-10-21T20:26:37.499132Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- PyAMF vulnerable to XML external entity (XXE)
- Details
-
PyAMF provides Action Message Format (AMF) support for Python that is compatible with the Adobe Flash Player. It includes integration with Python web frameworks like Django, Pylons, Twisted, SQLAlchemy, web2py and more. XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-8549
- https://github.com/hydralabs/pyamf/pull/58
- https://github.com/advisories/GHSA-m7m4-4vm8-55wg
- https://github.com/hydralabs/pyamf
- https://github.com/hydralabs/pyamf/releases/tag/v0.8.0
- https://github.com/pypa/advisory-database/tree/main/vulns/pyamf/PYSEC-2020-339.yaml
- https://pypi.org/project/pyamf
- http://www.ocert.org/advisories/ocert-2015-011.html
Affected packages
PyPI / pyamf
Package
- Name
- pyamf
- View open source insights on deps.dev
- Purl
- pkg:pypi/pyamf