CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from an insecure XML parser configuration. The untangle 1.2.1 patch notes explicitly mention switching to defusedxml's parser to fix security issues. Because untangle's primary interface is the parse() function, and XML entity expansion vulnerabilities arise at the XML parsing entry point, that function was vulnerable while it used the insecure parser. The CWE-776 description confirms this relates directly to DTD handling during XML parsing.
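The hardening that defusedxml applies is to hook the underlying expat parser so that any entity declaration in a DTD raises before the parser can expand it. The following is an added example, not untangle's or defusedxml's code: it reimplements that pattern with only the Python standard library (xml.parsers.expat plus an ElementTree TreeBuilder), so the difference between a default parser, which silently expands an internal entity, and a hardened one, which refuses the declaration, can be seen side by side. The function names (parse_xml, check_untrusted), the ForbiddenDtdError class and the sample documents are all constructed for this illustration.

```python
"""Stdlib-only demonstration of refusing DTD entity declarations (CWE-776 mitigation).

Added example; not code from untangle or defusedxml. Names are hypothetical.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenDtdError(ValueError):
    """Raised when untrusted XML declares entities (or, optionally, any DOCTYPE)."""


def _hardened_expat(forbid_dtd: bool) -> expat.XMLParserType:
    """Create an expat parser whose DTD handlers abort parsing.

    EntityDeclHandler fires for every internal, external and parameter entity
    declaration, so refusing there blocks both entity expansion (billion-laughs
    style) and external-entity references before any expansion happens.
    """
    parser = expat.ParserCreate()

    def reject_entity(name, is_parameter_entity, value, base, system_id, public_id, notation_name):
        raise ForbiddenDtdError(f"entity declaration {name!r} is not allowed in untrusted XML")

    parser.EntityDeclHandler = reject_entity

    if forbid_dtd:
        # Stricter mode, comparable to defusedxml's forbid_dtd=True: no DOCTYPE at all.
        def reject_doctype(name, sysid, pubid, has_internal_subset):
            raise ForbiddenDtdError(f"DOCTYPE {name!r} is not allowed in untrusted XML")

        parser.StartDoctypeDeclHandler = reject_doctype

    return parser


def parse_xml(data: bytes, hardened: bool = True, forbid_dtd: bool = False) -> ET.Element:
    """Parse `data` into an ElementTree root.

    hardened=False uses a plain expat parser (the insecure configuration);
    hardened=True refuses entity declarations before they can be expanded.
    """
    builder = ET.TreeBuilder()
    parser = _hardened_expat(forbid_dtd) if hardened else expat.ParserCreate()
    # expat delivers attributes as a dict, which TreeBuilder.start accepts directly.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # True = final chunk
    return builder.close()


def check_untrusted(data: bytes, forbid_dtd: bool = False) -> tuple:
    """Defender-side gate: return (accepted, reason) without expanding anything."""
    try:
        parse_xml(data, hardened=True, forbid_dtd=forbid_dtd)
    except ForbiddenDtdError as exc:
        return False, str(exc)
    return True, "no entity declarations present"


# Constructed sample inputs (not from the page): a benign document, one that
# declares a single internal entity, and one with an empty DOCTYPE.
PLAIN_DOC = b"<root><item>hello</item></root>"
ENTITY_DOC = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE root [<!ENTITY greet "hello">]>'
              b"<root>&greet;</root>")
DTD_ONLY_DOC = b"<!DOCTYPE root><root/>"


if __name__ == "__main__":
    # Insecure configuration: the entity is expanded into element text.
    print("default parser text:", parse_xml(ENTITY_DOC, hardened=False).text)
    # Hardened configuration: the declaration is refused before expansion.
    print("hardened gate:", check_untrusted(ENTITY_DOC))
    print("benign doc:", check_untrusted(PLAIN_DOC))
    print("DOCTYPE with forbid_dtd:", check_untrusted(DTD_ONLY_DOC, forbid_dtd=True))
```

The check lives in the parser's DTD callbacks rather than in a regex over the input, which matters because entity declarations can be spread across an internal subset in ways a text scan misses; the parser sees each declaration exactly once, at the point where it would otherwise be recorded for later expansion.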
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| untangle | pip | < 1.2.1 | 1.2.1 |