CVE-2022-37189
HIGH
DDMAL MEI2Volpiano < 0.8.2 - XML External Entity Injection via xml.etree Library
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.
References (4)
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/DDMAL/MEI2Volpiano/
Patch, Third Party Advisory x_refsource_misc
https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59
Third Party Advisory x_refsource_misc
https://docs.python.org/3/library/xml.html#xml-vulnerabilities
Third Party Advisory x_refsource_misc
https://pyup.io/vulnerabilities/CVE-2022-37189/50928/
Scores
CVSS v3
7.5
EPSS
0.0103
EPSS Percentile
59.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (2)
ddmal/mei2volpiano
< 0.8.2
pypi/mei2volpiano
0PyPI
Published
Sep 07, 2022
Tracked Since
Feb 18, 2026