XML External Entity (XXE) Vulnerability in Python's plistlib Module

XML External Entity (XXE) Vulnerability in Python's plistlib Module

CVE-2022-48565 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Learn more about our External Network Penetration Testing.