<p>Upgrade <code>Debian:unstable</code> <code>expat</code> to version 2.2.1-1 or higher.</p>

XML External Entity (XXE) Injection Affecting expat package, versions <2.2.1-1

Snyk CVSS

Attack Complexity Low

Availability High

Threat Intelligence

EPSS 0.3% (70^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIANUNSTABLE-EXPAT-358049
published 25 Jul 2017
disclosed 25 Jul 2017

Report a new vulnerability Found a mistake?

Introduced: 25 Jul 2017

CVE-2017-9233 Open this link in a new tab CWE-611 Open this link in a new tab CWE-835 Open this link in a new tab

How to fix?

Upgrade Debian:unstable expat to version 2.2.1-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.