It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
References
Link | Resource |
---|---|
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes | Release Notes Third Party Advisory |
https://seclists.org/oss-sec/2012/q1/549 | Exploit Mailing List Third Party Advisory |
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes | Release Notes Third Party Advisory |
https://seclists.org/oss-sec/2012/q1/549 | Exploit Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 01:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes - Release Notes, Third Party Advisory | |
References | () https://seclists.org/oss-sec/2012/q1/549 - Exploit, Mailing List, Third Party Advisory |
13 Jul 2021, 15:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://seclists.org/oss-sec/2012/q1/549 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes - Release Notes, Third Party Advisory | |
CWE | CWE-611 | |
CPE | cpe:2.3:a:xml\:\:atom_project:xml\:\:atom:*:*:*:*:*:perl:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
09 Jul 2021, 11:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-09 11:15
Updated : 2024-11-21 01:36
NVD link : CVE-2012-1102
Mitre link : CVE-2012-1102
CVE.ORG link : CVE-2012-1102
JSON object : View
Products Affected
xml\
- \
CWE
CWE-611
Improper Restriction of XML External Entity Reference