Description
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/oss-sec/2012/q1/549
Scores
CVSS v3
7.5
EPSS
0.0140
EPSS Percentile
69.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
xml\/\
< 0.39
Published
Jul 09, 2021
Tracked Since
Feb 18, 2026