PYSEC-2020-339

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pyamf/PYSEC-2020-339.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-339

Aliases

CVE-2015-8549
GHSA-m7m4-4vm8-55wg

Published

2020-01-15T15:15:00Z

Modified

2023-11-01T04:46:20.668127Z

Summary

[none]

Details

XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.

References

http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded
https://github.com/hydralabs/pyamf/releases/tag/v0.8.0
https://github.com/hydralabs/pyamf/pull/58
http://www.ocert.org/advisories/ocert-2015-011.html
https://pypi.org/project/pyamf
https://nvd.nist.gov/vuln/detail/CVE-2015-8549
https://github.com/advisories/GHSA-m7m4-4vm8-55wg

Affected packages

PyPI / pyamf

Package

Name: pyamf; View open source insights on deps.dev
Purl: pkg:pypi/pyamf

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0

Affected versions

0.*

0.4.2

0.5

0.5.1

0.6b2

0.6

0.6.1

0.6.1.1

0.7.0

0.7.1

0.7.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pyamf/PYSEC-2020-339.yaml"