CVE-2015-8549
HIGH
PyAMF < 0.8.0 - XML External Entity Injection via AMF Payload
Title source: llm
Description
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
References (4)
Core References
Third Party Advisory x_refsource_misc
http://www.ocert.org/advisories/ocert-2015-011.html
Broken Link x_refsource_misc
http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded
Patch, Third Party Advisory x_refsource_misc
https://github.com/hydralabs/pyamf/pull/58
Release Notes x_refsource_misc
https://github.com/hydralabs/pyamf/releases/tag/v0.8.0
Scores
CVSS v3
7.1
EPSS
0.0138
EPSS Percentile
68.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (2)
pyamf/pyamf
< 0.8.0
pypi/pyamf
0 - 0.8.0 (PyPI)
Published
Jan 15, 2020
Tracked Since
Feb 18, 2026