CVE-2021-29421

Опубликовано: 01 апр. 2021

Источник: debian

Описание

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

Пакет	Статус	Версия исправления	Релиз	Тип
pikepdf	fixed	1.17.3+dfsg-5		package
pikepdf	no-dsa		buster	package

https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a (v2.10.0)

CVE-2021-29421

CVSS3: 7.5

ubuntu

почти 5 лет назад

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

CVE-2021-29421

CVSS3: 7.5

redhat

почти 5 лет назад

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

CVE-2021-29421

CVSS3: 7.5

nvd

почти 5 лет назад

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

GHSA-ccgm-3xw4-h5p8

CVSS3: 7.5

github

почти 5 лет назад

Improper Restriction of XML External Entity Reference in pikepdf