13 matches found
EUVD-2023-0211
Malicious code in bioql PyPI...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
XML External Entity (XXE) Injection
py-xml is vulnerable to XML External Entity XXE Injection. The vulnerability exists because the library does not properly sanitize external DTD's by default, which allows an attacker to inject and execute maliciously crafted XML documents...
py-xml XML External Entity Injection vulnerability
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
GHSA-J6V2-MWXM-F952 py-xml XML External Entity Injection vulnerability
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PYSEC-2023-95
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PYSEC-2023-95
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
Xxe
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26709
CVE-2020-26709 affects py-xml v1.0 and is caused by an XML External Entity (XXE) vulnerability in the XML parsing path, allowing an attacker to execute arbitrary code via a crafted XML file. The issue is documented across multiple sources (NVD entry, Red Hat advisory, GHSA, OSV, CNNVD, CVE list, ...
py-xml 代码问题漏洞
py-xml is a Python XML binding library open source by China Pinae. A security vulnerability exists in py-xml v1.0, which stems from the inclusion of an XML External Entity Injection XXE vulnerability that allows an attacker to execute arbitrary code through a crafted XML file...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PT-2023-11756 · Pyxml · Pyxml
Name of the Vulnerable Software and Affected Versions: py-xml version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted XML file, exploiting an XML External Entity Injection XXE vulnerability. Recommendations: For py-xml version 1.0, consider disabling the XML...