CVE-2022-33977

HIGH

untangle <1.2.0 - DoS

Title source: llm

Description

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

References (3)

[Product, Third Party Advisory] https://github.com/stchris/untangle

View Writeup ZIP pw:eip

[Release Notes, Third Party Advisory] https://github.com/stchris/untangle/releases/tag/1.2.1

[Third Party Advisory] https://jvn.jp/en/jp/JVN30454777/

Scores

CVSS v3 7.5

EPSS 0.0213

EPSS Percentile 84.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-776

Status published

Products (2)

pypi/untangle 0 - 1.2.1PyPI

untangle_project/untangle < 1.2.0

Published Jul 26, 2022

Tracked Since Feb 18, 2026