CVE-2021-29421

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29421
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29421.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29421
Aliases
Downstream
Related
Published
2021-04-01T20:15:12Z
Modified
2025-09-24T10:43:53.984303Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

References

Affected packages

Git / github.com/pikepdf/pikepdf

Affected ranges

Type
GIT
Repo
https://github.com/pikepdf/pikepdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3f38f73218e5e782fe411ccbb3b44a793c0b343a

Affected versions

v0.*

v0.1.0
v0.1.0.post1
v0.1.1
v0.1.10
v0.1.10rc1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.10.0
v0.10.1
v0.10.2
v0.1rc1
v0.1rc2
v0.1rc3
v0.1rc4
v0.1rc5
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.7post2
v0.9.0
v0.9.1
v0.9.2

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.2
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.18.0
v1.19.0
v1.19.1
v1.19.2
v1.19.3
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.0.post0
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.7.0
v1.7.0rc1
v1.7.0rc2
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.9.0

v2.*

v2.0.0
v2.0.0b1
v2.0.0b2
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.7.0
v2.8.0
v2.8.0.post1
v2.8.0.post2
v2.9.0
v2.9.1
v2.9.2