CVE-2012-1102

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
References
Link Resource
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes Release Notes Third Party Advisory
https://seclists.org/oss-sec/2012/q1/549 Exploit Mailing List Third Party Advisory
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes Release Notes Third Party Advisory
https://seclists.org/oss-sec/2012/q1/549 Exploit Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xml\:\:atom_project:xml\:\:atom:*:*:*:*:*:perl:*:*

History

21 Nov 2024, 01:36

Type Values Removed Values Added
References () https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes - Release Notes, Third Party Advisory () https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes - Release Notes, Third Party Advisory
References () https://seclists.org/oss-sec/2012/q1/549 - Exploit, Mailing List, Third Party Advisory () https://seclists.org/oss-sec/2012/q1/549 - Exploit, Mailing List, Third Party Advisory

13 Jul 2021, 15:21

Type Values Removed Values Added
References (MISC) https://seclists.org/oss-sec/2012/q1/549 - (MISC) https://seclists.org/oss-sec/2012/q1/549 - Exploit, Mailing List, Third Party Advisory
References (MISC) https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes - (MISC) https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes - Release Notes, Third Party Advisory
CWE CWE-611
CPE cpe:2.3:a:xml\:\:atom_project:xml\:\:atom:*:*:*:*:*:perl:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

09 Jul 2021, 11:20

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-09 11:15

Updated : 2024-11-21 01:36


NVD link : CVE-2012-1102

Mitre link : CVE-2012-1102

CVE.ORG link : CVE-2012-1102


JSON object : View

Products Affected

xml\

  • \
CWE
CWE-611

Improper Restriction of XML External Entity Reference