CVE-2013-1665
published 2013-04-03CVE-2013-1665: The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote…
medium5CVSS 3.1
AVNACLAuNCPINAN
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2012.1.1-13 (bookworm) | keystone 2012.1.1-13 (bookworm) |
| debian | python-django | < keystone 2012.1.1-13 (bookworm) | keystone 2012.1.1-13 (bookworm) |
| djangoproject | django | >= 1.3.0 < 1.3.6 | 1.3.6 |
| djangoproject | django | >= 1.4.0 < 1.4.4 | 1.4.4 |
| openstack | keystone | >= 0 < 2012.1.1-13 | 2012.1.1-13 |
| openstack | keystone | >= 0 < 2012.1.1-13 | 2012.1.1-13 |
| openstack | keystone | >= 0 < 2012.1.1-13 | 2012.1.1-13 |
| openstack | keystone | >= 0 < 2012.1.1-13 | 2012.1.1-13 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM