untangle vulnerable to Improper Restriction of XML External Entity Reference
Description
Published by the National Vulnerability Database
Jul 26, 2022
Published to the GitHub Advisory Database
Aug 6, 2022
Reviewed
Aug 6, 2022
Last updated
Nov 18, 2024
Description
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.
Impact
An attacker may be able to read the contents of local files. This affects untangle versions up to and including 1.2.0
Patches
The problem has been fixed with version 1.2.1
Workarounds
None
References
https://jvn.jp/en/jp/JVN30454777/
For more information
If you have any questions or comments about this advisory:
References