EUVD-2022-0349

Malicious code in bioql PyPI...

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview llama-index-readers-stripe-docs is a llama-index readers stripedocs integration Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via the parsesitemap function. An attacker can exhaust system memory and...

USN-7368-1 snakeyaml vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

PYSEC-2022-243

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

XML2Dict XML Entity Expansion Vulnerability

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references...