CVE-2023-27476

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27476

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27476.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27476

Aliases

GHSA-8h9c-r582-mggc

Related

Published

2023-03-08T00:15:08Z

Modified

2024-09-18T03:23:21.036792Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See GHSA-8h9c-r582-mggc for details.

References

Affected packages

Debian:11 / owslib

Package

Name: owslib
Purl: pkg:deb/debian/owslib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.23.0-1+deb11u1

Affected versions

0.*

0.23.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / owslib

Package

Name: owslib
Purl: pkg:deb/debian/owslib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.27.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / owslib

Package

Name: owslib
Purl: pkg:deb/debian/owslib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.27.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/geopython/owslib

Affected ranges

Type: GIT
Repo: https://github.com/geopython/owslib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9530e923697badd5e5962e8f0243f3861150edd0

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.11.0

0.11.1

0.11.2

0.12.0

0.13.0

0.14.0

0.15.0

0.16.0

0.17.0

0.17.1

0.18.0

0.19.0

0.19.1

0.19.2

0.20.0

0.21.0

0.22.0

0.23.0

0.24.0

0.24.1

0.25.0

0.26.0

0.27.0

0.27.1

0.27.2

0.28.0

0.5.1

0.6.0

0.6.1

0.7.0

0.7.1

0.7.2

0.8.0

0.8.1

0.8.10

0.8.11

0.8.12

0.8.13

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.8.9

0.9.0

0.9.1

0.9.2

rel-0.*

rel-0.1.0@378

rel-0.1.0@473

rel-0.1.0@530

rel-0.2.0@378

rel-0.2.0@473

rel-0.2.0@622

rel-0.2.1@378

rel-0.2.1@473

rel-0.2.1@778

rel-0.3.1@1213

rel-0.3.1@378

rel-0.3.1@473

rel-0.3@1099

rel-0.3@378

rel-0.3@473