8 matches found
EUVD-2025-7729
Malicious code in bioql PyPI...
CVE-2025-27136
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection over the bucket creation endpoint. In createServiceFactory, external entities referenced in the CreateBucketConfiguration XML document are resolved and retrieved. This allows attackers to perform...
CVE-2025-27136
CVE-2025-27136 concerns LocalS3, a local S3 mock service. Multiple connected sources confirm that before version 1.21, the bucket creation endpoint processes CreateBucketConfiguration with an XML parser that resolves external entities. An attacker can declare an external entity to reference an in...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Description The LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare...