CPANSA-XML-Atom-2012-1102: XML-Atom vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2021-07-09T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2021-07-09T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 7.5 | Severity | High |
Original language | | Language | en |
Also referred to |
Vulnerability Description
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
Vulnerabilities
CVE-2012-1102
Vulnerability Description
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
Weakness | CWE-611: Improper Restriction of XML External Entity Reference |
---|---|
Product status
Known affected
Product | Score |
---|---|
XML-Atom less than 0.39 | |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-XML-Atom-2012-1102 JSON (self)
  https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2021/cpansa-xml-atom-2012-1102.json
- https://seclists.org/oss-sec/2012/q1/549 (external)
  https://seclists.org/oss-sec/2012/q1/549
- https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes (external)
  https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes
- CVE-2012-1102 (NVD) (external)
  https://nvd.nist.gov/vuln/detail/CVE-2012-1102
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Fri Jul 9 00:00:00 2021 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/