CVE-2012-1102

Published: Jul 9, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Affected (1)

Products: Xml\: \

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xml\ \	Before 0.39

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes

Source: secalert@redhat.com

Release NotesThird Party Advisory

https://seclists.org/oss-sec/2012/q1/549

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://seclists.org/oss-sec/2012/q1/549

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.