CPANSA-XML-Atom-2012-1102: XML-Atom vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2021-07-09T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2021-07-09T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	7.5	Severity	High
Original language		Language	en
Also referred to

Vulnerability Description

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Vulnerabilities

CVE-2012-1102

Vulnerability Description

Weakness	CWE-611 : Improper Restriction of XML External Entity Reference

Product status

Known affected

Product

Score

XML-Atom less than 0.39

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	7.5	High
2.0	AV:N/AC:L/Au:N/C:P/I:N/A:N	5.0	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-XML-Atom-2012-1102 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2021/cpansa-xml-atom-2012-1102.json
https://seclists.org/oss-sec/2012/q1/549 external
https://seclists.org/oss-sec/2012/q1/549
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes external
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes
CVE-2012-1102 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2012-1102

Revision history

Version	Date of the revision	Summary of the revision
1	Fri Jul 9 00:00:00 2021	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/