Impact
Two specific feed URLs are parsed to pull out alert details, and the URLs being passed were insufficiently validated. The impact is limited: the feeds themselves would have to be altered for this to have any effect, and the likely result would just be a lack of CVE detection.
Patches
Fixed in latest and v1.1.4
Workarounds
Manually edit vulnfeed_2_tenb.py and escape the '.' in the CERT and ICS-CERT URL parsers.
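The effect of the unescaped '.' and of the workaround, as an added example that is not code from vulnfeed_2_tenb.py. It goes one step beyond the workaround by also comparing the parsed hostname exactly. The host alerts.feed.example, the sample URLs and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder host; the project's real feed hosts are not shown here.
FEED_HOST = "alerts.feed.example"

# Weak: each '.' is unescaped, so it matches any single character.
WEAK = re.compile(r"https://alerts.feed.example/")
# Workaround from the advisory: escape the dots (re.escape does it for a literal).
ESCAPED = re.compile(r"https://" + re.escape(FEED_HOST) + r"/")


def weak_match(url):
    return WEAK.match(url) is not None


def escaped_match(url):
    return ESCAPED.match(url) is not None


def strict_match(url):
    """Parse the URL and compare scheme and hostname exactly (no regex on the host)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return parts.scheme == "https" and parts.hostname == FEED_HOST and port in (None, 443)


def classify(url):
    """Return (weak, escaped, strict) verdicts for one URL."""
    return weak_match(url), escaped_match(url), strict_match(url)


# Constructed sample URLs: the intended host and two look-alike hosts.
SAMPLES = [
    "https://alerts.feed.example/advisory/1",
    "https://alertsxfeed.example/advisory/1",
    "https://alerts.feedxexample/advisory/1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

Only the first sample is the intended host; the weak pattern accepts all three, while the escaped pattern and the parsed-hostname check accept only the first.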
References
Incomplete regular expression for hostnames
Common Weakness Enumeration: CWE-20.