CVE-2013-1665
Description
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
2.995
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.3.6 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.4.4 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.3.6 | Linux |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.4.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234