CVE-2013-1664
Description
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.938
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.3.6 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.4.4 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.3.6 | Linux |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.4.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234