2 matches found
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...
CVE-2021-41770
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure...