PYSEC-2021-34
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pikepdf/PYSEC-2021-34.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-34
- Aliases
- Published
- 2021-04-01T20:15:00Z
- Modified
- 2023-11-08T04:05:33.347900Z
- Summary
- [none]
- Details
-
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
- References
-
- https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/
- https://github.com/advisories/GHSA-ccgm-3xw4-h5p8
Affected packages
PyPI / pikepdf
Package
- Name
- pikepdf
- View open source insights on deps.dev
- Purl
- pkg:pypi/pikepdf
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pikepdf/pikepdf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced1.3.0Fixed2.10.0
Affected versions
1.*
1.3.0
1.3.1
1.4.0
1.5.0
1.5.0.post0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.11.0
1.11.1
1.11.2
1.12.0
1.13.0
1.14.0
1.15.0
1.15.1
1.16.0
1.16.1
1.17.0
1.17.1
1.17.2
1.17.3
1.18.0
1.19.0
1.19.1
1.19.2
1.19.3
1.19.4
2.*
2.0.0b1
2.0.0b2
2.0.0
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0
2.4.0
2.5.0
2.5.1
2.5.2
2.6.0
2.7.0
2.8.0
2.8.0.post1
2.8.0.post2
2.9.0
2.9.1
2.9.2