PYSEC-2021-388

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/easy-xml/PYSEC-2021-388.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-388

Aliases

CVE-2020-26705
GHSA-v899-28g4-qmh8

Published

2021-10-31T20:15:00Z

Modified

2023-11-08T04:03:19.789724Z

Summary

[none]

Details

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.

References

https://github.com/darkfoxprime/python-easy_xml/issues/1
https://github.com/advisories/GHSA-v899-28g4-qmh8

Affected packages

PyPI / easy-xml

Package

Name: easy-xml; View open source insights on deps.dev
Purl: pkg:pypi/easy-xml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.0