csaf-tools/CVRF-CSAF-Converter

Releases: 9
Frequency: 1 week 1 day
Last Release
Stars: 9
A CVRF CSAF converter that takes care to follow the OASIS specification.

CVE History

CVE | Published | CVSS v3 | CVSS v2
 | | 6.1 MEDIUM | 4.3 MEDIUM

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.