CVE-2022-48565

moderate-risk

Published 2023-08-22

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Do I need to act?

~

7.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Python

Debian Linux

Affected Vendors

Debian Python

References (14)

Exploit https://bugs.python.org/issue42051

Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html

https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://security.netapp.com/advisory/ntap-20231006-0007/

Exploit https://bugs.python.org/issue42051

Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html

https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://security.netapp.com/advisory/ntap-20231006-0007/

49

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 10/34 · Low

Exposure 7/34 · Low