CVE-2020-26708
CVE-2020-26708 affects the Python library requests-xml v0.2.3. The root cause is an XML External Entity (XXE) flaw: the library does not properly sanitize external DTDs by default, enabling an attacker to run arbitrary code via a crafted XML file. Practical impact is arbitrary code execution when...