Executive Summary

Information
Name : CVE-2020-27197
First vendor Publication : 2020-10-17
Vendor : Cve
Last vendor Modification : 2020-10-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27197

Sources (Detail)

Source Url
MISC https://github.com/eclecticiq/OpenTAXII/issues/176
https://github.com/TAXIIProject/libtaxii/issues/246

Alert History

Date Information
2020-10-19 17:22:55
  • Multiple Updates
2020-10-18 05:22:59
  • First insertion