easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
{ "nvd_published_at": "2023-06-29T21:15:09Z", "cwe_ids": [ "CWE-611" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-06-30T20:36:45Z" }