Unrated severityNVD Advisory· Published Aug 22, 2023· Updated Oct 3, 2024
CVE-2022-48565
CVE-2022-48565
Description
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
98(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=3.9.1
- osv-coords96 versionspkg:apk/chainguard/python-3.7pkg:apk/chainguard/python-3.7-defaultpkg:apk/chainguard/python-3.7-devpkg:apk/chainguard/python-3.7-docpkg:apk/chainguard/python-3.8pkg:apk/chainguard/python-3.8-basepkg:apk/chainguard/python-3.8-base-devpkg:apk/chainguard/python-3.8-defaultpkg:apk/chainguard/python-3.8-devpkg:apk/chainguard/python-3.8-docpkg:bitnami/libpythonpkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/almalinux/babelpkg:rpm/almalinux/python2pkg:rpm/almalinux/python2-attrspkg:rpm/almalinux/python2-babelpkg:rpm/almalinux/python2-backportspkg:rpm/almalinux/python2-backports-ssl_match_hostnamepkg:rpm/almalinux/python2-bsonpkg:rpm/almalinux/python2-chardetpkg:rpm/almalinux/python2-coveragepkg:rpm/almalinux/python2-Cythonpkg:rpm/almalinux/python2-debugpkg:rpm/almalinux/python2-develpkg:rpm/almalinux/python2-dnspkg:rpm/almalinux/python2-docspkg:rpm/almalinux/python2-docs-infopkg:rpm/almalinux/python2-docutilspkg:rpm/almalinux/python2-funcsigspkg:rpm/almalinux/python2-idnapkg:rpm/almalinux/python2-ipaddresspkg:rpm/almalinux/python2-jinja2pkg:rpm/almalinux/python2-libspkg:rpm/almalinux/python2-lxmlpkg:rpm/almalinux/python2-markupsafepkg:rpm/almalinux/python2-mockpkg:rpm/almalinux/python2-nosepkg:rpm/almalinux/python2-numpypkg:rpm/almalinux/python2-numpy-docpkg:rpm/almalinux/python2-numpy-f2pypkg:rpm/almalinux/python2-pippkg:rpm/almalinux/python2-pip-wheelpkg:rpm/almalinux/python2-pluggypkg:rpm/almalinux/python2-psycopg2pkg:rpm/almalinux/python2-psycopg2-debugpkg:rpm/almalinux/python2-psycopg2-testspkg:rpm/almalinux/python2-pypkg:rpm/almalinux/python2-pygmentspkg:rpm/almalinux/python2-pymongopkg:rpm/almalinux/python2-pymongo-gridfspkg:rpm/almalinux/python2-PyMySQLpkg:rpm/almalinux/python2-pysockspkg:rpm/almalinux/python2-pytestpkg:rpm/almalinux/python2-pytest-mockpkg:rpm/almalinux/python2-pytzpkg:rpm/almalinux/python2-pyyamlpkg:rpm/almalinux/python2-requestspkg:rpm/almalinux/python2-rpm-macrospkg:rpm/almalinux/python2-scipypkg:rpm/almalinux/python2-setuptoolspkg:rpm/almalinux/python2-setuptools_scmpkg:rpm/almalinux/python2-setuptools-wheelpkg:rpm/almalinux/python2-sixpkg:rpm/almalinux/python2-sqlalchemypkg:rpm/almalinux/python2-testpkg:rpm/almalinux/python2-tkinterpkg:rpm/almalinux/python2-toolspkg:rpm/almalinux/python2-urllib3pkg:rpm/almalinux/python2-virtualenvpkg:rpm/almalinux/python2-wheelpkg:rpm/almalinux/python2-wheel-wheelpkg:rpm/almalinux/python-nose-docspkg:rpm/almalinux/python-psycopg2-docpkg:rpm/almalinux/python-sqlalchemy-docpkg:rpm/opensuse/python-base&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-doc&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-doc&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/python-base&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/python-base&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/python&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 0+ 95 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.6.13
- (no CPE)range: < 3.6.13
- (no CPE)range: < 3.6.13
- (no CPE)range: < 2.5.1-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 17.4.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.5.1-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.5.0.1-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.7.0-1.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.0.4-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 4.5.1-5.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 0.28.1-7.module_el8.6.0+3162+01a09e5a
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 1.15.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.16-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.16-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.14-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.2-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.18-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.10-10.module_el8.10.0+3783+2756348e
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 4.2.3-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.23-19.module_el8.6.0+3162+01a09e5a
- (no CPE)range: < 2.0.0-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.3.7-31.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:1.14.2-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:1.14.2-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:1.14.2-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 9.0.3-19.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 9.0.3-19.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.6.0-8.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-8.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 2.7.5-8.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 2.7.5-8.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 1.5.3-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.2.0-22.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.7.0-1.module_el8.6.0+3162+01a09e5a
- (no CPE)range: < 3.7.0-1.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.8.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.6.8-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.4.2-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.9.0-4.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2017.2-13.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 3.12-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.20.0-4.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 3-38.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.0-22.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 39.0.1-14.module_el8.10.0+3783+2756348e
- (no CPE)range: < 1.15.7-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 39.0.1-14.module_el8.10.0+3783+2756348e
- (no CPE)range: < 1.11.0-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.3.2-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 2.7.18-17.module_el8.10.0+3783+2756348e.alma
- (no CPE)range: < 1.24.2-4.module_el8.10.0+3783+2756348e
- (no CPE)range: < 15.1.0-22.module_el8.10.0+3783+2756348e
- (no CPE)range: < 1:0.31.1-3.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:0.31.1-3.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.3.7-31.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-8.module_el8.9.0+3640+8d3927b5
- (no CPE)range: < 1.3.2-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-39.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-33.26.1
- (no CPE)range: < 2.7.18-33.26.1
- (no CPE)range: < 2.7.18-33.26.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-33.26.1
- (no CPE)range: < 2.7.18-33.26.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-150000.57.1
- (no CPE)range: < 2.7.18-33.26.1
- (no CPE)range: < 2.7.18-33.26.1
Patches
Vulnerability mechanics
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2023/09/msg00022.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/10/msg00017.htmlmitremailing-list
- bugs.python.org/issue42051mitre
- security.netapp.com/advisory/ntap-20231006-0007/mitre
News mentions
0No linked articles in our index yet.