PYSEC-2022-243

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/untangle/PYSEC-2022-243.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-243

Aliases

CVE-2022-33977
GHSA-7xr3-6ggc-wc9p

Published

2022-07-26T06:15:00Z

Modified

2023-11-08T04:09:41.005431Z

Summary

[none]

Details

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

References

https://jvn.jp/en/jp/JVN30454777/
https://github.com/stchris/untangle
https://github.com/stchris/untangle/releases/tag/1.2.1
https://github.com/advisories/GHSA-7xr3-6ggc-wc9p

Affected packages

PyPI / untangle

Package

Name: untangle; View open source insights on deps.dev
Purl: pkg:pypi/untangle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1

Affected versions

0.*

0.3

0.3.1

0.4.0

1.*

1.0.0

1.1.0

1.1.1

1.2.0