PYSEC-2023-95

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/py-xml/PYSEC-2023-95.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2023-95

Aliases

CVE-2020-26709
GHSA-j6v2-mwxm-f952

Published

2023-06-29T21:15:00Z

Modified

2023-11-08T04:03:19.914018Z

Summary

[none]

Details

py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

References

https://github.com/PinaeOS/py-xml/issues/2

Affected packages

PyPI / py-xml

Package

Name: py-xml; View open source insights on deps.dev
Purl: pkg:pypi/py-xml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0