CVE-2022-37189

Published: Sep 7, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.

Affected (1)

Products: Ddmal: Mei2volpiano

Ddmal

1 product

Mei2volpiano

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ddmal Mei2volpiano	Up to 0.8.2

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (8)

https://docs.python.org/3/library/xml.html#xml-vulnerabilities

Source: cve@mitre.org

Third Party Advisory

https://github.com/DDMAL/MEI2Volpiano/

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59

Source: cve@mitre.org

PatchThird Party Advisory

https://pyup.io/vulnerabilities/CVE-2022-37189/50928/

Source: cve@mitre.org

Third Party Advisory

https://docs.python.org/3/library/xml.html#xml-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/DDMAL/MEI2Volpiano/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://pyup.io/vulnerabilities/CVE-2022-37189/50928/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.