{"id":"PYSEC-2019-105","details":"The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.","aliases":["CVE-2019-19702","GHSA-vc42-mgr2-w34r"],"modified":"2024-11-22T04:59:31.310543Z","published":"2019-12-10T20:15:00Z","references":[{"type":"REPORT","url":"https://github.com/modoboa/modoboa-dmarc/issues/38"}],"affected":[{"package":{"name":"modoboa-dmarc","ecosystem":"PyPI","purl":"pkg:pypi/modoboa-dmarc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0"}]}],"versions":["0.1.0","0.1.1","0.2.0","0.3.0","1.0.0","1.0.1","1.0.2","1.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/modoboa-dmarc/PYSEC-2019-105.yaml"}}],"schema_version":"1.7.3"}