7 matches found
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
datatransfer-client (=2.13.0), parsons (>=0.5.0 <=0.11.1) +1 more potentially affected by CVE-2020-29128 via petl (=1.2.0)
petl PyPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on petl and may be impacted: datatransfer-client =2.13.0; parsons =0.5.0, =0.4.0, =0.10.1. Source CVEs: CVE-2020-29128. Source advisory: OSV:GHSA-F5GC-P5M3-V347...
GHSA-F5GC-P5M3-V347 XXE in petl
Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...
CVE-2020-29128

creationtimestamp | type | source
---|---|---
2020-11-26 07:48:31+00:00 | seen | https://t.me/cibsecurity/16862...

datatransfer-client (=2.13.0), parsons (>=0.5.0 <=0.11.1) +1 more potentially affected by CVE-2020-29128 via petl (=1.2.0)
petl PyPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on petl and may be impacted: datatransfer-client =2.13.0; parsons =0.5.0, =0.4.0, =0.10.1. Source CVEs: CVE-2020-29128. Source advisory: OSV:PYSEC-2020-75...
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
CVE-2020-29128
CVE-2020-29128 concerns the Python ETL library petl, prior to version 1.68. In some configurations, petl can resolve entities in XML input, enabling an attacker to disclose arbitrary files when the application processes attacker-supplied XML with a configured lxml backend. The issue is classified...