Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Related bugs and status

CVE-2022-48565 (Candidate) is related to these bugs:

Bug #2038879: [Debian] High CVE: CVE-2021-23336/CVE-2022-0391/CVE-2022-48560/CVE-2022-48565/CVE-2022-48566/CVE-2023-24329/CVE-2023-40217 python2.7: multiple CVEs

Summary				In	Importance	Status
	2038879	[Debian] High CVE: CVE-2021-23336/CVE-2022-0391/CVE-2022-48560/CVE-2022-48565/CVE-2022-48566/CVE-2023-24329/CVE-2023-40217 python2.7: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.python.or...
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2023-348a0dbcf3
FEDORA: FEDORA-2023-e47078af3e
FEDORA: FEDORA-2023-ea38857cc3