56 matches found
OWSLib vulnerable to XML External Entity (XXE) Injection
Impact OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. Patches - Use only lxml for XML handling, adding...
GHSA-8H9C-R582-MGGC OWSLib vulnerable to XML External Entity (XXE) Injection
Impact OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. Patches - Use only lxml for XML handling, adding...
PT-2023-21153 · Xml.Etree +2 · Xml.Etree +2
Name of the Vulnerable Software and Affected Versions: OWSLib versions prior to 0.28.1 Description: The XML parser in OWSLib does not disable entity resolution, which could lead to arbitrary file reads from an attacker-controlled XML payload. This issue affects all XML parsing in the codebase. Th...
py39-OWSLib -- arbitrary file read vulnerability
Jorge Rosillo reports: OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase...
Debian DLA-2754-1 : pywps - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2754 advisory. DLA text goes here For Debian 9 stretch, this problem has been fixed in version 4.0.0-3+deb9u1. We recommend that you upgrade your pywps packages. For the detailed security...
XML External Entity Injection in PyWPS
An XML external entity XXE injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
GHSA-P9WF-3XPG-C9G5 XML External Entity Injection in PyWPS
An XML external entity XXE injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
CVE-2021-39371
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
CVE-2021-39371
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
PYSEC-2021-121
An XML external entity XXE injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
Xxe
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
CVE-2021-39371
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
PYSEC-2021-121
An XML external entity XXE injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
CVE-2021-39371
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
CVE-2021-39371
CVE-2021-39371 is an XXE injection in PyWPS prior to 4.4.5, with OWSLib 0.24.1 possibly affected. The vulnerability allows an attacker to view files on the application server filesystem by supplying a path to an XML external entity. The connected advisories indicate remediation by upgrading PyWPS...
CVE-2021-39371
An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...