CVE-2015-8549 – pyamf
Package
Manager: pip
Name: pyamf
Vulnerable Version: >=0 <0.8.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00449 (percentile: 0.62702)
Details
PyAMF vulnerable to XML external entity (XXE)
PyAMF provides Action Message Format (AMF) support for Python that is compatible with the Adobe Flash Player. It includes integration with Python web frameworks like Django, Pylons, Twisted, SQLAlchemy, web2py and more.
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
Metadata
Created: 2022-05-24T17:06:13Z
Modified: 2024-10-21T20:11:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m7m4-4vm8-55wg/GHSA-m7m4-4vm8-55wg.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-m7m4-4vm8-55wg
Finding: F083
Auto approve: 1