Lucene search
GoogleOSV:PSF-2023-5HistoryAug 24, 2023 - 12:00 a.m.
XML External Entity issue in plistlib module
2023-08-2400:00:00
Google
osv.dev
6
python vulnerability
xml external entity
plistlib module
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
48.0%
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Related
osv
osv
BIT-python-2023-38898
2024-03-06 11:03:22
hmac.compare_digest() accumulator not constant-time
2023-08-24 00:00:00
Reference count issue in _asyncio._swap_current_task()
2023-08-15 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4001-1)
2023-10-09 00:00:00
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2024-1290)
2024-03-12 00:00:00
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2024-1697)
2024-05-17 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2023:4001-1)
2023-10-07 00:00:00
EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2024-1697)
2024-05-17 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2023:4220-1)
2023-10-27 00:00:00
redos
redos
ROS-20240409-02
2024-04-09 00:00:00
prion
prion
cve
cve
redhatcve
redhatcve
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
cvelist
cvelist
veracode
veracode
Timing Attack
2023-08-30 22:30:54
Timing Attack
2023-10-10 08:26:44
XML External Entity (XXE)
2023-08-30 22:31:01
amazon
amazon
Medium: python
2024-01-03 21:04:00
Important: python
2023-10-30 23:59:00
Important: python3
2023-10-25 21:40:00
cloudlinux
cloudlinux
python: Fix of CVE-2022-48565
2023-10-09 19:03:14
ibm
ibm
ubuntu
ubuntu
Python vulnerability
2023-09-27 00:00:00
Python vulnerability
2023-09-07 00:00:00
debian
debian
[SECURITY] [DLA 3614-1] python3.7 security update
2023-10-11 19:33:59
[SECURITY] [DLA 3575-1] python2.7 security update
2023-09-20 19:13:38
mageia
mageia
Updated python python3 packages fix security vulnerabilities
2024-03-23 04:00:08
fedora
fedora
[SECURITY] Fedora 37 Update: python2.7-2.7.18-35.fc37
2023-10-21 01:26:15
[SECURITY] Fedora 38 Update: python2.7-2.7.18-35.fc38
2023-10-21 01:29:59
[SECURITY] Fedora 39 Update: python2.7-2.7.18-35.fc39
2023-11-03 18:57:04
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0646
2023-09-09 00:00:00
f5
f5
almalinux
almalinux
Moderate: python27:2.7 security update
2024-05-22 00:00:00
oraclelinux
oraclelinux
python27:2.7 security update
2024-05-24 00:00:00
redhat
redhat
(RHSA-2024:2987) Moderate: python27:2.7 security update
2024-05-22 06:35:16
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
48.0%
Related for OSV:PSF-2023-5