vulnerability
Oracle Linux: CVE-2022-48565: ELSA-2024-2987: python27:2.7 security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Aug 22, 2023 | May 28, 2024 | Dec 18, 2024 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Aug 22, 2023
Added
May 28, 2024
Modified
Dec 18, 2024
Description
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
A flaw was found in Python caused by improper handling of XML external entity (XXE) declarations by the plistlib module. By using a specially crafted XML content, an attacker could obtain sensitive information by disclosing files specified by parsing URI, and may cause denial of service by resource exhaustion.
A flaw was found in Python caused by improper handling of XML external entity (XXE) declarations by the plistlib module. By using a specially crafted XML content, an attacker could obtain sensitive information by disclosing files specified by parsing URI, and may cause denial of service by resource exhaustion.
Solution(s)
oracle-linux-upgrade-babeloracle-linux-upgrade-python2oracle-linux-upgrade-python2-attrsoracle-linux-upgrade-python2-babeloracle-linux-upgrade-python2-backportsoracle-linux-upgrade-python2-backports-ssl-match-hostnameoracle-linux-upgrade-python2-bsonoracle-linux-upgrade-python2-chardetoracle-linux-upgrade-python2-coverageoracle-linux-upgrade-python2-cythonoracle-linux-upgrade-python2-debugoracle-linux-upgrade-python2-develoracle-linux-upgrade-python2-dnsoracle-linux-upgrade-python2-docsoracle-linux-upgrade-python2-docs-infooracle-linux-upgrade-python2-docutilsoracle-linux-upgrade-python2-funcsigsoracle-linux-upgrade-python2-idnaoracle-linux-upgrade-python2-ipaddressoracle-linux-upgrade-python2-jinja2oracle-linux-upgrade-python2-libsoracle-linux-upgrade-python2-lxmloracle-linux-upgrade-python2-markupsafeoracle-linux-upgrade-python2-mockoracle-linux-upgrade-python2-noseoracle-linux-upgrade-python2-numpyoracle-linux-upgrade-python2-numpy-docoracle-linux-upgrade-python2-numpy-f2pyoracle-linux-upgrade-python2-piporacle-linux-upgrade-python2-pip-wheeloracle-linux-upgrade-python2-pluggyoracle-linux-upgrade-python2-psycopg2oracle-linux-upgrade-python2-psycopg2-debugoracle-linux-upgrade-python2-psycopg2-testsoracle-linux-upgrade-python2-pyoracle-linux-upgrade-python2-pygmentsoracle-linux-upgrade-python2-pymongooracle-linux-upgrade-python2-pymongo-gridfsoracle-linux-upgrade-python2-pymysqloracle-linux-upgrade-python2-pysocksoracle-linux-upgrade-python2-pytestoracle-linux-upgrade-python2-pytest-mockoracle-linux-upgrade-python2-pytzoracle-linux-upgrade-python2-pyyamloracle-linux-upgrade-python2-requestsoracle-linux-upgrade-python2-rpm-macrosoracle-linux-upgrade-python2-scipyoracle-linux-upgrade-python2-setuptoolsoracle-linux-upgrade-python2-setuptools-scmoracle-linux-upgrade-python2-setuptools-wheeloracle-linux-upgrade-python2-sixoracle-linux-upgrade-python2-sqlalchemyoracle-linux-upgrade-python2-testoracle-linux-upgrade-python2-tkinteroracle-linux-upgrade-python2-toolsoracle-linux-upgrade-python2-urllib3oracle-linux-upgrade-python2-virtualenvoracle-linux-upgrade-python2-wheeloracle-linux-upgrade-python2-wheel-wheeloracle-linux-upgrade-python-nose-docsoracle-linux-upgrade-python-psycopg2-docoracle-linux-upgrade-python-sqlalchemy-doc

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.