CVE-2022-48565
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2022-48565 is an XML External Entity (XXE) vulnerability affecting Python versions up to and including 3.9.1. The issue lies in the plistlib module, which accepted entity declarations in XML plist files and was therefore susceptible to XXE attacks. Such attacks can lead to data leakage or even server compromise when malicious entities are injected into the XML files. To mitigate this risk, Python 3.9.2 and later releases no longer accept entity declarations in XML plist files; the change strengthens Python's security by eliminating the vulnerability.
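Added example, not part of this advisory or of Python's own source: a pre-parse guard that mirrors the fix by rejecting any plist that carries an entity declaration, using the same expat EntityDeclHandler hook the patched plistlib installs. Both sample plists are constructed; the entity in the first one is a harmless internal entity used only to trigger the check.

```python
import plistlib
import xml.parsers.expat

# Constructed sample: a plist whose DOCTYPE declares an internal entity.
# Unpatched plistlib expanded such declarations; patched versions raise
# InvalidFileException instead.
PLIST_WITH_ENTITY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist [
  <!ENTITY greeting "hello">
]>
<plist version="1.0">
<dict><key>Message</key><string>&greeting;</string></dict>
</plist>
"""

# Constructed sample: the same document with no DOCTYPE at all.
PLIST_CLEAN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict><key>Message</key><string>hello</string></dict>
</plist>
"""


class EntityDeclarationFound(ValueError):
    """Raised by the expat handler on the first entity declaration."""


def contains_entity_declaration(data: bytes) -> bool:
    """Run expat over the bytes with an EntityDeclHandler that aborts on
    the first <!ENTITY ...>; this is the same hook the fix installs."""
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(*_args):
        raise EntityDeclarationFound("entity declaration in plist")

    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except EntityDeclarationFound:
        return True
    return False


def load_plist_safely(data: bytes):
    """Reject plists carrying entity declarations before plistlib sees
    them, so the guard does not depend on the interpreter version."""
    if contains_entity_declaration(data):
        raise plistlib.InvalidFileException("entity declarations are not allowed")
    return plistlib.loads(data)
```

On Python 3.9.2 and later, plistlib.loads itself raises InvalidFileException for the first sample; the guard makes the same rejection explicit on older interpreters.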
Affected Products
- Python
- Debian
Affected Vendors
- Python Software Foundation
- Debian