exploitDog

CVE-2021-29421

Published: 01 Apr 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

There's a flaw in the pikepdf Python library's XMP metadata parsing functionality. An attacker who is able to submit a crafted PDF file to be processed by pikepdf could trigger an XML External Entity (XXE) injection. The highest threat of this flaw is to confidentiality of data.

Report

This flaw does not affect any Red Hat shipped commercial products, as pikepdf is not currently shipped.

Additional information

Status: Moderate
Defect: CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1946269 pikepdf: XML external entity issue when parsing XMP metadata entries

EPSS

Percentile: 59%
0.00374
Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 5 years ago

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

CVSS3: 7.5
nvd
almost 5 years ago

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

CVSS3: 7.5
debian
almost 5 years ago

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...

CVSS3: 7.5
github
almost 5 years ago

Improper Restriction of XML External Entity Reference in pikepdf
