PYSEC-2022-243

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/untangle/PYSEC-2022-243.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2022-243
Aliases
Published
2022-07-26T06:15:00Z
Modified
2023-11-01T04:59:12.432740Z
Summary
[none]
Details

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

References

Affected packages

PyPI / untangle

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.1

Affected versions

0.*

0.3
0.3.1
0.4.0

1.*

1.0.0
1.1.0
1.1.1
1.2.0