libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |

| Source | Type | Description |
|---|---|---|
| [email protected] | Primary | en: CWE-776 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | en: CWE-776 |

| Vendor | Product | Version | Type |
|---|---|---|---|
| libexpat_project | libexpat | * | Application |
| fedoraproject | fedora | 38 | Operating System |
| fedoraproject | fedora | 39 | Operating System |
| fedoraproject | fedora | 40 | Operating System |
| netapp | active_iq_unified_manager | - | Application |
| netapp | oncommand_workflow_automation | - | Application |
| netapp | ontap | 9 | Application |
| netapp | ontap_tools | 10 | Application |
| netapp | windows_host_utilities | - | Application |
| netapp | h300s_firmware | - | Operating System |
| netapp | h500s_firmware | - | Operating System |
| netapp | h700s_firmware | - | Operating System |
| netapp | h410s_firmware | - | Operating System |
| netapp | h410c_firmware | - | Operating System |
| netapp | h610c_firmware | - | Operating System |
| netapp | h610s_firmware | - | Operating System |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:windows_host_utilities:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* |