5 matches found
EUVD-2025-7729
Malicious code in bioql PyPI...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
CVE-2025-27136
CVE-2025-27136 concerns LocalS3, a local S3 mock service. Multiple connected sources confirm that before version 1.21, the bucket creation endpoint processes CreateBucketConfiguration with an XML parser that resolves external entities. An attacker can declare an external entity to reference an in...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
PT-2025-10615 · Locals3 · Locals3
Name of the Vulnerable Software and Affected Versions: LocalS3 versions prior to 1.21 Description: The issue concerns XML External Entity XXE injection in the bucket creation endpoint. When processing the CreateBucketConfiguration XML document, the service's XML parser resolves external entities...