An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
{ "binaries": [ { "binary_version": "4.0.0-5", "binary_name": "python-pywps" }, { "binary_version": "4.0.0-5", "binary_name": "pywps" }, { "binary_version": "4.0.0-5", "binary_name": "pywps-wsgi" } ] }
{ "binaries": [ { "binary_version": "4.2.4-1", "binary_name": "python3-pywps" }, { "binary_version": "4.2.4-1", "binary_name": "pywps" }, { "binary_version": "4.2.4-1", "binary_name": "pywps-wsgi" } ] }
{ "binaries": [ { "binary_version": "4.5.1-1", "binary_name": "python3-pywps" }, { "binary_version": "4.5.1-1", "binary_name": "pywps" }, { "binary_version": "4.5.1-1", "binary_name": "pywps-wsgi" } ] }