CVE-2022-48565

Updated: 2025-08-20 03:01:22.726994

Description:

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Alpine Linux 3.22 | python | 3.9 | 9.8 | CRITICAL | Not Vulnerable | | 2026-02-02 14:29:57 | Not affected: this XXE flaw exists only when plistlib accepts XML entity declarations, which was fix... |
| Alpine Linux 3.22 | python | 3.7 | 9.8 | CRITICAL | Already Fixed | | 2026-02-16 14:41:27 | Not affected: this XXE flaw exists only when plistlib accepts XML entity declarations, which was fix... |
| Alpine Linux 3.22 | python | 3.8 | 9.8 | CRITICAL | Not Vulnerable | | 2026-02-07 04:07:53 | Not affected: this XXE flaw exists only when plistlib accepts XML entity declarations, which was fix... |
| Alpine Linux 3.22 | python | 3.6 | 9.8 | CRITICAL | Not Vulnerable | | 2026-01-27 16:43:56 | Not affected: this XXE flaw exists only when plistlib accepts XML entity declarations, which was fix... |
| Debian 10 | python | 3.6 | 9.8 | CRITICAL | Already Fixed | | 2025-09-05 09:17:38 | |
| Debian 10 | python | 2.7 | 9.8 | CRITICAL | Released | CLSA-2025:1760024436 | 2025-10-10 00:49:36 | |
| Debian 11 | python | 2.7 | 9.8 | CRITICAL | Released | CLSA-2025:1760093456 | 2025-10-10 11:26:49 | |
| Debian 11 | python | 3.6 | 9.8 | CRITICAL | Already Fixed | | 2025-09-05 09:17:37 | |
| Debian 12 | python | 3.9 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-04 16:07:29 | Not affected: this XXE flaw exists only when plistlib accepts XML entity declarations, which was fix... |
| Debian 12 | python | 3.7 | 9.8 | CRITICAL | Already Fixed | | 2025-11-10 21:42:45 | Not affected: this XXE flaw exists only when plistlib accepts XML entity declarations, which was fix... |

Total: 36