EUVD-2023-0226

Malicious code in bioql PyPI...

mydatapy (=0.1.1) potentially affected by CVE-2020-26708 via requests-xml (=0.2.3)

requests-xml PYPI version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on requests-xml and may be impacted: - mydatapy =0.1.1 Source cves: CVE-2020-26708 Source advisory: OSV:GHSA-CCRC-9X59-3VC4...

requests-xml XML External Entity Injection vulnerability

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

GHSA-CCRC-9X59-3VC4 requests-xml XML External Entity Injection vulnerability

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

CVE-2020-26708

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

CVE-2020-26708

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

mydatapy (=0.1.1) potentially affected by CVE-2020-26708 via requests-xml (=0.2.3)

requests-xml PYPI version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on requests-xml and may be impacted: - mydatapy =0.1.1 Source cves: CVE-2020-26708 Source advisory: OSV:PYSEC-2023-96...

PYSEC-2023-96

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

CVE-2020-26708

CVE-2020-26708 affects the Python library requests-xml v0.2.3. The root cause is an XML External Entity (XXE) flaw: the library does not properly sanitize external DTDs by default, enabling an attacker to run arbitrary code via a crafted XML file. Practical impact is arbitrary code execution when...

CVE-2020-26708

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

CVE-2020-26708

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

PT-2023-11755 · Pypi · Requests-Xml

Name of the Vulnerable Software and Affected Versions: requests-xml version 0.2.3 Description: The issue allows attackers to execute arbitrary code via a crafted XML file, exploiting an XML External Entity Injection XXE vulnerability. Recommendations: For version 0.2.3, update to a version that...

Requests-XML 代码问题漏洞

Requests-XML is a library for parsing XML from the individual developers at erinxocon. A security vulnerability exists in requests-xml version v0.2.3, which stems from the inclusion of an XML External Entity Injection XXE vulnerability that allows an attacker to execute arbitrary code via a craft...