CVE-2014-3242

Description

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

How to fix CVE-2014-3242

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/soappy—no fix listed

Is CVE-2014-3242 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 0.12.5

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-3242
• PATCHgithub.com/kiorky/soappy
• WEBseclists.org/fulldisclosure/2014/May/20
• WEBweb.archive.org/web/20150501220613/http://www.pnigos.com/?p=260
• WEB