<p>Upgrade <code>libtaxii</code> to version 1.1.118 or higher.</p>

Server-side Request Forgery (SSRF) Affecting libtaxii package, versions [,1.1.118)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 1.06% (84^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-LIBTAXII-1019351
published 18 Oct 2020
disclosed 18 Oct 2020
credit 0wa1s

Report a new vulnerability Found a mistake?

Introduced: 18 Oct 2020

CVE-2020-27197 Open this link in a new tab CWE-918 Open this link in a new tab

How to fix?

Upgrade libtaxii to version 1.1.118 or higher.

Overview

libtaxii is a TAXII 1.X Library.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser.

References

GitHub PR
libtaxii GitHub Issue
OpenTaXII GitHub Issue