CVE-2022-33977: untangle vulnerable to XML Entity Expansion
An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0.
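A defensive check for services that parse untrusted XML, as an added example that is not part of the advisory or the untangle project: `is_affected` encodes the version range stated above, and `reject_entity_declarations` (a hypothetical helper built on the standard library's expat bindings) refuses any document that declares an entity before it is handed to a parser. The sample documents are constructed for illustration.

```python
import re
from xml.parsers import expat

# From the advisory: untangle versions up to and including 1.2.0 are affected.
AFFECTED_MAX = (1, 2, 0)

# Constructed sample inputs (not taken from the advisory).
SAMPLE_PLAIN = b"<root><child name='a'/></root>"
SAMPLE_WITH_ENTITY = b'<!DOCTYPE root [<!ENTITY e "x">]><root>&e;</root>'


def is_affected(version: str) -> bool:
    """True if a plain numeric untangle version is in the affected range."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))  # treat "1.2" as 1.2.0
    return tuple(parts) <= AFFECTED_MAX


class EntityDeclarationError(ValueError):
    """Raised when a document declares its own entities."""


def reject_entity_declarations(xml_bytes: bytes) -> None:
    """Refuse any document that contains an entity declaration.

    Entity expansion requires a declaration in the DTD, and the DTD is read
    before the document body, so stopping at the first declaration means no
    entity is ever expanded.
    """
    parser = expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise EntityDeclarationError(f"entity declaration not allowed: {name!r}")

    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc


if __name__ == "__main__":
    print("1.2.0 affected:", is_affected("1.2.0"))
    reject_entity_declarations(SAMPLE_PLAIN)  # passes silently
    try:
        reject_entity_declarations(SAMPLE_WITH_ENTITY)
    except EntityDeclarationError as err:
        print("rejected:", err)
```

Call `reject_entity_declarations` on the raw bytes before passing them to the XML library; documents that legitimately rely on a DTD with entities will be refused by this check.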
References
- github.com/advisories/GHSA-7xr3-6ggc-wc9p
- github.com/pypa/advisory-database/tree/main/vulns/untangle/PYSEC-2022-243.yaml
- github.com/stchris/untangle
- github.com/stchris/untangle/releases/tag/1.2.1
- github.com/stchris/untangle/security/advisories/GHSA-7xr3-6ggc-wc9p
- jvn.jp/en/jp/JVN30454777
- nvd.nist.gov/vuln/detail/CVE-2022-33977