17 matches found
EUVD-2020-0127
Malware in sbrugna...
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
Duplicate Advisory: XML Injection in petl
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f5gc-p5m3-v347. This link is maintained to preserve external references. Original Description: petl before 1.68, in some configurations, allows resolution of entities in an XML document...
GHSA-69Q2-P9XP-739V Duplicate Advisory: XML Injection in petl
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f5gc-p5m3-v347. This link is maintained to preserve external references. Original Description: petl before 1.68, in some configurations, allows resolution of entities in an XML document...
XXE in petl
Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...
GHSA-F5GC-P5M3-V347 XXE in petl
Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...
datatransfer-client (=2.13.0), parsons (>=0.5.0 <=0.11.1) +1 more potentially affected by CVE-2020-29128 via petl (=1.2.0)
petl PYPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on petl and may be impacted: - datatransfer-client =2.13.0 - parsons =0.5.0, =0.4.0, =0.10.1 Source cves: CVE-2020-29128 Source advisory: OSV:GHSA-F5GC-P5M3-V347...
XML External Entity (XXE)
petl is vulnerable to XML External Entities (XXE). The vulnerability exists because external entities were not disabled by default by the default lxml parser...
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
PYSEC-2020-75
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
PYSEC-2020-75
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
datatransfer-client (=2.13.0), parsons (>=0.5.0 <=0.11.1) +1 more potentially affected by CVE-2020-29128 via petl (=1.2.0)
petl PYPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on petl and may be impacted: - datatransfer-client =2.13.0 - parsons =0.5.0, =0.4.0, =0.10.1 Source cves: CVE-2020-29128 Source advisory: OSV:PYSEC-2020-75...
Design/Logic Flaw
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
CVE-2020-29128
CVE-2020-29128 concerns the Python ETL library petl, prior to version 1.68. In some configurations, petl can resolve entities in XML input, enabling an attacker to disclose arbitrary files when the application processes attacker-supplied XML with a configured lxml backend. The issue is classified...
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
Petl Security Vulnerabilities
Petl is a PyPI package from the Petl Personal Developer that allows access to formatted read and write from files, databases, or other source data. A security vulnerability exists in petl versions prior to 1.68, which stems from allowing entities in XML documents to be parsed in certain...