PYSEC-2021-121

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pywps/PYSEC-2021-121.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-121

Aliases

Published

2021-08-23T01:15:00Z

Modified

2023-11-01T05:18:39.891070Z

Summary

[none]

Details

An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.

References

Affected packages

PyPI / pywps

Package

Name: pywps; View open source insights on deps.dev
Purl: pkg:pypi/pywps

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.0

Affected versions

Other

trunk

3.*

3.2.3

3.2.4

3.2.5

3.2.6

4.*

4.0.0

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.2.10

4.2.11

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pywps/PYSEC-2021-121.yaml"