Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TAXII libtaxii 代码问题漏洞
Vulnerability Description
TAXII libtaxii是开源的一个 Python 库。用于处理调用 TAXII 服务的 TAXII 消息。 TAXII libtaxii 1.1.117版本存在代码问题漏洞,该漏洞源于允许通过解析方法的初始http://子字符串进行SSRF,即使XML解析器使用了no_network设置。
CVSS Information
N/A
Vulnerability Type
N/A