2 matches found
Langroid Allows XXE Injection via XMLToolMessage
Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...
[slackware-security] libxml2
New libxml2 packages are available for Slackware XXX 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Fix XXE protection in downstream code. For mor...