Fedora 37 : mingw-python-OWSLib (2023-8312a80917)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8312a80917 advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 36 : mingw-python-OWSLib (2023-ae06b3704c)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ae06b3704c advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
[SECURITY] Fedora 38 Update: mingw-python-OWSLib-0.28.1-1.fc38
MinGW Windows Python OWSLib library...
Fedora: Security Advisory for mingw-python-OWSLib (FEDORA-2023-9a878398a6)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 38 : mingw-python-OWSLib (2023-9a878398a6)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9a878398a6 advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
XML External Entity (XXE)
owslib is vulnerable to XML External Entity (XXE). The vulnerability is due to allowing lxml entity resolution, which allows an attacker to read arbitrary files by parsing a crafted XML document...
SUSE CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
DEBIAN-CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
Design/Logic Flaw
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
ausdex (>=0.2.0 <=0.2.2), geodata-harvester (>=0.0.1 <=0.0.2) +10 more potentially affected by CVE-2023-27476 via owslib (>=0.22.0 <=0.27.2)
owslib PYPI version =0.22.0, =0.2.0, =0.0.1, =0.1.1, =0.7.0, =3.3.3, =0.1.12, =0.2.1, =0.12.0.dev0, =0.1.30, =0.13.2, =0.0.1, =0.1.0, =0.1.2 Source cves: CVE-2023-27476 Source advisory: OSV:PYSEC-2023-86...
PYSEC-2023-86
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
UBUNTU-CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
CVE-2023-27476 XML External Entity (XXE) Injection in OWSLib
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
CVE-2023-27476
OWSLib (Python) has a vulnerability in its XML parser that does not disable entity resolution, enabling potential arbitrary file reads from attacker-controlled XML payloads across all XML parsing in the codebase. Affected versions prior to 0.28.1; remediation is to upgrade to 0.28.1 or apply the ...
CVE-2023-27476 XML External Entity (XXE) Injection in OWSLib
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
CVE-2023-27476 XML External Entity (XXE) Injection in OWSLib
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...
OWSLib vulnerable to XML External Entity (XXE) Injection
Impact: OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. Patches: - Use only lxml for XML handling, adding...