PT-2022-18280 · Unknown · Cvrf-Csaf-Converter
Published: 2022-03-15 · Updated: 2023-08-08 · CVE-2022-27193
CVSS v3.1: 6.1 (Medium)
Vector: AC:L/AV:L/A:L/C:H/I:N/PR:N/S:U/UI:R
Name of the Vulnerable Software and Affected Versions
CVRF-CSAF-Converter versions prior to 1.0.0-rc2
Description
The issue allows for the inclusion of arbitrary local file content into the generated output document due to XML External Entities (XXE). This can be exploited by an attacker to disclose information from the system running the converter.
Recommendations
For versions prior to 1.0.0-rc2, update to version 1.0.0-rc2 or later to resolve the issue.
Fix
XXE
Files Accessible to External Parties
Related Identifiers
Affected Products
Cvrf-Csaf-Converter