1. CVE-Search
  2. CVE-2020-5227
ID CVE-2020-5227
Summary Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedgen is used to include content from untrused sources and if XML (including XHTML) is directly included instead of providing plain tex content only. This problem has been fixed in feedgen 0.9.0 which disallows XML entity expansion and external resources.
References
Vulnerable Configurations
  • cpe:2.3:a:feedgen_project:feedgen:0.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.2:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.2.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.3:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.3:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.4:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.4:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.5:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.5:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.6:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.6:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.7:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.7:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.2.8:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.2.8:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.3.0:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.3.0:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.3.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.3.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.3.2:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.3.2:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.4.0:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.4.0:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.4.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.4.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.5.0:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.5.0:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.5.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.5.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.6.0:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.6.0:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.6.1:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.6.1:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.7.0:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.7.0:*:*:*:*:python:*:*
  • cpe:2.3:a:feedgen_project:feedgen:0.8.0:*:*:*:*:python:*:*
    cpe:2.3:a:feedgen_project:feedgen:0.8.0:*:*:*:*:python:*:*
CVSS
Base: 5.0 (as of 08-02-2020 - 04:15)
Impact:
Exploitability:
CWE CWE-776
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://github.com/lkiesow/python-feedgen/security/advisories/GHSA-g8q7-xv52-hf9f
fedora FEDORA-2020-8493201e90
misc
Last major update 08-02-2020 - 04:15
Published 28-01-2020 - 23:15
Last modified 08-02-2020 - 04:15
Back to Top