CVE-2022-27193
XML External Entities Vulnerability in CVRF-CSAF-Converter
Severity: 6.1 MEDIUM (CVSS 3.1)
EPSS: 0.20%
Description
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
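As an added example (not code from CVRF-CSAF-Converter), the following Python sketch screens an input document for external DTD and entity declarations before it is handed to a converter. It uses only the standard-library `xml.parsers.expat` module. The function name `external_entity_findings` and both sample documents are constructed for illustration, and the sample is a simplified CVRF-like document, not a schema-valid one.

```python
import xml.parsers.expat

# Constructed sample: declares an external general entity and references it
# in an element whose text would be copied into the generated output.
SAMPLE_WITH_XXE = b"""<?xml version="1.0"?>
<!DOCTYPE cvrfdoc [
  <!ENTITY xxe SYSTEM "file:///path/to/local/file">
]>
<cvrfdoc><DocumentTitle>&xxe;</DocumentTitle></cvrfdoc>"""

# Constructed sample: same structure, no DOCTYPE at all.
SAMPLE_CLEAN = b"""<?xml version="1.0"?>
<cvrfdoc><DocumentTitle>Example advisory</DocumentTitle></cvrfdoc>"""


def external_entity_findings(xml_bytes):
    """Return a list of external DTD / entity declarations in xml_bytes.

    No ExternalEntityRefHandler is installed, so nothing is fetched or
    resolved while scanning; declarations are only recorded.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE root SYSTEM "..."> pulls in an external DTD subset.
        if system_id is not None:
            findings.append(f"external DTD subset: {system_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # External entities have no literal value, only a system identifier.
        if system_id is not None:
            kind = "parameter entity" if is_param else "entity"
            findings.append(f"external {kind} {name}: {system_id}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # Treat unparseable input as a reason to reject, not to convert.
        findings.append(f"not well-formed: {exc}")
    return findings


if __name__ == "__main__":
    for label, doc in (("xxe", SAMPLE_WITH_XXE), ("clean", SAMPLE_CLEAN)):
        print(label, external_entity_findings(doc) or "no external declarations")
```

A non-empty result is a reason to reject the file before conversion; the check complements the upgrade to the fixed version and does not replace it.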
How to fix CVE-2022-27193
To remediate CVE-2022-27193, upgrade the affected package to the fixed version listed below.
- upgrade to 1.0.0rc2 or later
Is CVE-2022-27193 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.0rc2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L |