6 matches found
datatransfer-client (=2.13.0), parsons (>=0.5.0 <=0.11.1) +1 more potentially affected by CVE-2020-29128 via petl (=1.2.0)
petl PYPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on petl and may be impacted: - datatransfer-client =2.13.0 - parsons =0.5.0, =0.4.0, =0.10.1 Source cves: CVE-2020-29128 Source advisory: OSV:GHSA-F5GC-P5M3-V347...
PYSEC-2020-75
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
PYSEC-2020-75
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
datatransfer-client (=2.13.0), parsons (>=0.5.0 <=0.11.1) +1 more potentially affected by CVE-2020-29128 via petl (=1.2.0)
petl PYPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on petl and may be impacted: - datatransfer-client =2.13.0 - parsons =0.5.0, =0.4.0, =0.10.1 Source cves: CVE-2020-29128 Source advisory: OSV:PYSEC-2020-75...
Design/Logic Flaw
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
Petl Security Vulnerabilities
Petl is a Pypi package from the Petl Personal Developer that allows access to formatted read and write from files, databases, or other source data. A security vulnerability exists in petl versions prior to 1.68, which stems from allowing entities in XML documents to be parsed in certain...