Vulnerability Details CVE-2016-9180
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.7%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html
- http://www.openwall.com/lists/oss-security/2016/11/04/2
- http://www.securityfocus.com/bid/94219
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html
- http://www.openwall.com/lists/oss-security/2016/11/04/2
- http://www.securityfocus.com/bid/94219
Products affected by CVE-2016-9180
-
cpe:2.3:a:xmltwig:xml-twig_for_perl:-