Description
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| pywps | fixed | 4.5.0-1 | | package |
| pywps | no-dsa | | bullseye | package |
| pywps | no-dsa | | buster | package |
Notes
https://github.com/geopython/OWSLib/issues/790
https://github.com/geopython/pywps/pull/616
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 4 years ago
CVSS3: 7.5
nvd
more than 4 years ago