VYPR

PyPI package

untangle

pkg:pypi/untangle

Vulnerabilities (2)

  • CVE-2022-33977, Jul 26, 2022
    affected < 1.2.1, fixed 1.2.1

    untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on t

  • CVE-2022-31471, Jul 26, 2022
    affected < 1.2.1, fixed 1.2.1

    untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.