XML Entity Expansion Denial-of-Service Vulnerability in untangle Library

XML Entity Expansion Denial-of-Service Vulnerability in untangle Library

CVE-2022-33977 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

Learn more about our Cis Benchmark Audit For Server Software.