PYSEC-2020-111

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/svglib/PYSEC-2020-111.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2020-111
Aliases
Published
2020-03-20T23:15:00Z
Modified
2023-11-01T04:51:27.251428Z
Summary
[none]
Details

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.

References

Affected packages

PyPI / svglib

Package

Name
svglib
View open source insights on deps.dev
Purl
pkg:pypi/svglib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4

Affected versions

0.*

0.6.0
0.6.1
0.6.2
0.6.3
0.8.0
0.8.1
0.9.0b0
0.9.0
0.9.1
0.9.2
0.9.3

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/svglib/PYSEC-2020-111.yaml"