BIT-python-min-2022-48565
PUBLISHED
CVSS 9.8 CRITICAL
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Risk Scores
CVSS v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | python-min | 0, 3.7.0, 3.8.0 |
Timeline
- Jan 16, 2025 CVE Published
- Sep 5, 2025 CVE Updated
References
- https://bugs.python.org/issue42051
- https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/
- https://security.netapp.com/advisory/ntap-20231006-0007/
- https://nvd.nist.gov/vuln/detail/CVE-2022-48565