CVE-2020-29128
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-29128
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29128.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-29128
- Aliases
- Related
- Published
- 2020-11-26T05:15:10.470Z
- Modified
- 2025-11-20T11:25:30.089983Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
- References
-
- https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md
- https://github.com/petl-developers/petl/compare/v1.6.7...v1.6.8
- https://github.com/petl-developers/petl/issues/526
- https://github.com/petl-developers/petl/pull/527
- https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8
- https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347
- https://petl.readthedocs.io/en/stable/changes.html
Affected packages
Git / github.com/petl-developers/petl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/petl-developers/petl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1
v0.10
v0.10.1
v0.10.2
v0.11
v0.11.1
v0.12
v0.13
v0.13.1
v0.14
v0.15
v0.16
v0.16.1
v0.16.2
v0.17
v0.17.1
v0.18
v0.18.1
v0.19
v0.2
v0.20
v0.21
v0.21.1
v0.21.2
v0.22
v0.22.1
v0.23
v0.24
v0.24.1
v0.24.2
v0.24.3
v0.25
v0.25.1
v0.25.2
v0.25.3
v0.26
v0.3
v0.4
v0.5
v0.6
v0.7
v0.8
v0.9
v1.*
v1.0.0
v1.0.0-alpha1
v1.0.0a2
v1.0.0a3
v1.0.0a4
v1.0.0b1
v1.0.0b2
v1.0.1
v1.0.10
v1.0.11
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.2.0
v1.3.0
v1.3.0rc1
v1.3.0rc2
v1.3.0rc3
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7