PYSEC-2012-14

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/feedparser/PYSEC-2012-14.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2012-14

Aliases

CVE-2012-2921
GHSA-hjf3-r7gw-9rwg

Published

2012-05-21T22:55:00Z

Modified

2023-11-08T03:57:05.735995Z

Summary

[none]

Details

Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.

References

http://freecode.com/projects/feedparser/releases/344371
https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py
https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706
http://osvdb.org/81701
http://secunia.com/advisories/49256
http://www.securityfocus.com/bid/53654
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157
http://www.mandriva.com/security/advisories?name=MDVSA-2013:118
https://github.com/advisories/GHSA-hjf3-r7gw-9rwg

Affected packages

PyPI / feedparser

Package

Name: feedparser; View open source insights on deps.dev
Purl: pkg:pypi/feedparser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.2

Affected versions

4.*

4.1

5.*

5.0

5.0.1

5.1

5.1.1