High severityNVD Advisory· Published Jul 26, 2022· Updated Aug 3, 2024
CVE-2022-33977
CVE-2022-33977
Description
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
untanglePyPI | < 1.2.1 | 1.2.1 |
Affected products
2- Christian Stefanescu/untanglev5Range: 1.2.0 and earlier
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-7xr3-6ggc-wc9pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-33977ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/untangle/PYSEC-2022-243.yamlghsaWEB
- github.com/stchris/untangle/releases/tag/1.2.1ghsax_refsource_MISCWEB
- github.com/stchris/untangle/security/advisories/GHSA-7xr3-6ggc-wc9pghsaWEB
- jvn.jp/en/jp/JVN30454777ghsaWEB
- jvn.jp/en/jp/JVN30454777/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.