CVE-2022-28652 | Canonical Apport up to 2.20.x settings Billion Laughs xml entity expansion (USN-5427-1)

Posted by Angelo Barbosa | Jun 5, 2024 | CVE

A vulnerability was found in Canonical Apport up to 2.20.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ~/.config/apport/settings. The manipulation leads to xml entity expansion.

This vulnerability is known as CVE-2022-28652. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2022-28652 | Canonical Apport up to 2.20.x settings Billion Laughs xml entity expansion (USN-5427-1)

Related Posts

CVE-2024-2106 | MasterStudy LMS Plugin up to 3.2.10 on WordPress REST Route information disclosure

CVE-2024-52407 | codeSavory BasePress Migration Tools Plugin up to 1.0.0 on WordPress unrestricted upload

CVE-2024-7745 | Progress WS_FTP Server up to 8.8.7 Web Transfer Module missing critical step in authentication

CVE-2024-25507 | RuvarOA 6.01/12.01 /LHMail/AttachDown.aspx email_attach_id sql injection