CVE-2022-48565

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48565
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48565.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48565
Aliases
Downstream
Related
Published
2023-08-22T19:16:32.007Z
Modified
2026-04-11T12:41:15.916115Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
aa73e1722eb9835dc99fd8983885a141112ee4ab
Introduced
1bf9cc509326bc42cd8cb1650eb9bf64550d817e
Fixed
9b2dd1fc6c9913dbeee623e724b6baa598038f97
Introduced
fa919fdf2583bdfead1df00e842f24f30b2a34bf
Fixed
6503f05dd59e26a9986bdea097b3da9b3546f45b
Introduced
9cf6752276e6fcfd0c23fdb064ad27f448aaaf75
Fixed
1e5d33e9b9b8631b36f061103a30208b206fd03a
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.6.13"
        },
        {
            "introduced": "3.7.0"
        },
        {
            "fixed": "3.7.10"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.7"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.1"
        }
    ],
    "cpe": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
}

Affected versions

v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.6.0a3
v3.6.0b1
v3.6.0b3
v3.6.0b4
v3.6.0rc1
v3.6.10
v3.6.10rc1
v3.6.11
v3.6.11rc1
v3.6.12
v3.6.2rc1
v3.6.6rc1
v3.6.8
v3.6.8rc1
v3.6.9
v3.6.9rc1
v3.7.0a2
v3.7.0b1
v3.7.0b2
v3.7.0b3
v3.7.0b4
v3.7.0b5
v3.7.0rc1
v3.7.2rc1
v3.7.3rc1
v3.7.6rc1
v3.7.7rc1
v3.7.8
v3.7.8rc1
v3.7.9
v3.8.0rc1
v3.8.3
v3.8.3rc1
v3.8.5
v3.9.0a2
v3.9.0b1
v3.9.0b3
v3.9.0b5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48565.json"