2 matches found
CVE-2023-27476
OWSLib (Python) has a vulnerability in its XML parser that does not disable entity resolution, enabling potential arbitrary file reads from attacker-controlled XML payloads across all XML parsing in the codebase. Affected versions prior to 0.28.1; remediation is to upgrade to 0.28.1 or apply the ...
CVE-2021-39371
CVE-2021-39371 is an XXE injection in PyWPS prior to 4.4.5, with OWSLib 0.24.1 possibly affected. The vulnerability allows an attacker to view files on the application server filesystem by supplying a path to an XML external entity. The connected advisories indicate remediation by upgrading PyWPS...