Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Vulnerability Type
N/A
Vulnerability Title
CVRF-CSAF-Converter 代码问题漏洞
Vulnerability Description
CVRF-CSAF-Converter是德国csaf-tools团队的一个 Python 工具。用于将 CSAF CVRF 1.2 文档转换为 CSAF 2.0 文档。 CVRF-CSAF-Converter 1.0.0-rc2 之前存在安全漏洞,攻击者可以利用此漏洞从运行转换器的系统中泄露信息。
CVSS Information
N/A
Vulnerability Type
N/A