Vulnerability Description
A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dd-Plist Project | Dd-Plist | < 1.18 |
Related Weaknesses (CWE)
References
- https://github.com/3breadt/dd-plist/commit/8c954e8d9f6f6863729e50105a8abf3f87fffPatch
- https://github.com/3breadt/dd-plist/pull/26Issue TrackingPatch
- https://github.com/3breadt/dd-plist/releases/tag/dd-plist-1.18Release Notes
- https://vuldb.com/?ctiid.221486Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.221486Permissions RequiredThird Party Advisory
- https://github.com/3breadt/dd-plist/commit/8c954e8d9f6f6863729e50105a8abf3f87fffPatch
- https://github.com/3breadt/dd-plist/pull/26Issue TrackingPatch
- https://github.com/3breadt/dd-plist/releases/tag/dd-plist-1.18Release Notes
- https://vuldb.com/?ctiid.221486Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.221486Permissions RequiredThird Party Advisory
FAQ
What is CVE-2016-15026?
CVE-2016-15026 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An atta...
How severe is CVE-2016-15026?
CVE-2016-15026 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-15026?
Check the references section above for vendor advisories and patch information. Affected products include: Dd-Plist Project Dd-Plist.