{"id":"CVE-2022-31471","details":"untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.","aliases":["GHSA-f83q-2cp7-qrjg","PYSEC-2022-244"],"modified":"2026-04-02T08:03:01.805068Z","published":"2022-07-26T06:15:08.817Z","references":[{"type":"ADVISORY","url":"https://github.com/stchris/untangle/releases/tag/1.2.1"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN30454777/"},{"type":"PACKAGE","url":"https://github.com/stchris/untangle"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/stchris/untangle","events":[{"introduced":"0"},{"last_affected":"42e4b3a0132457ddca281e6f63501228c1532db5"},{"fixed":"35cae38fd0d3dbc099d400ab5893a06960ff40c9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.0"}]}}],"versions":["0.1","0.2","0.3","0.3.1","0.4.0","1.0.0","1.1.0","1.1.1","1.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31471.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}