Lucene search
Veracode Vulnerability DatabaseVERACODE:29891HistoryApr 05, 2021 - 5:26 a.m.
XML External Entity (XXE)
2021-04-0505:26:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
47.8%
pikepdf is vulnerable to XML External Entities (XXE). The vulnerability exists through parsing XMP metadata entries when parsing BytesIO(xml).
References
github.com/advisories/GHSA-ccgm-3xw4-h5p8
github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a
lists.fedoraproject.org/archives/list/[email protected]/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/
lists.fedoraproject.org/archives/list/[email protected]/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ/
Related
nessus
nessus
Fedora 32 : python-pikepdf (2021-d97bc581be)
2021-04-19 00:00:00
Fedora 33 : python-pikepdf (2021-4bf9909a76)
2021-04-19 00:00:00
mageia
mageia
Updated python-pikepdf packages fix security vulnerability
2021-06-18 22:24:28
openvas
openvas
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-d97bc581be)
2021-04-10 00:00:00
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-4bf9909a76)
2021-04-10 00:00:00
Mageia: Security Advisory (MGASA-2021-0268)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: python-pikepdf-1.19.4-2.fc33
2021-04-09 15:17:19
[SECURITY] Fedora 32 Update: python-pikepdf-1.19.4-2.fc32
2021-04-09 15:41:16
ubuntucve
ubuntucve
CVE-2021-29421
2021-04-01 00:00:00
redhatcve
redhatcve
CVE-2021-29421
2021-04-06 17:47:48
debiancve
debiancve
CVE-2021-29421
2021-04-01 20:15:12
osv
osv
Improper Restriction of XML External Entity Reference in pikepdf
2021-04-20 16:30:03
CVE-2021-29421
2021-04-01 20:15:12
PYSEC-2021-34
2021-04-01 20:15:00
alpinelinux
alpinelinux
CVE-2021-29421
2021-04-01 20:15:12
prion
prion
Code injection
2021-04-01 20:15:00
cvelist
cvelist
CVE-2021-29421
2021-04-01 00:00:00
nvd
nvd
CVE-2021-29421
2021-04-01 20:15:12
CVE-2021-46849
2022-10-24 14:15:50
cve
cve
CVE-2021-29421
2021-04-01 20:15:12
CVE-2021-46849
2022-10-24 14:15:50
github
github
Improper Restriction of XML External Entity Reference in pikepdf
2021-04-20 16:30:03
sonarsource
sonarsource