Опубликовано: 01 нояб. 2021
Источник: github
Github: Прошло ревью
CVSS4: 8.8
CVSS3: 9.1
Описание
XML External Entity vulnerability in Easy-XML
The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.
Пакеты
Наименование
easy-xml
pip
Затронутые версииВерсия исправления
<= 0.5.0
Отсутствует
Связанные уязвимости
CVSS3: 9.1
nvd
больше 4 лет назад
The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.