MidnightBSD

Advisories for cvrf-csaf-converter_project

CVE-2022-27193 MEDIUM

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L 1.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
cvrf-csaf-converter_project cvrf-csaf-converter 1.0.0