Name of the Vulnerable Software and Affected Versions xml package (affected versions not specified)

Description The issue concerns the xml package's use of environment variables to override parser/DOM implementations, specifically in the xml.sax package and the xml.dom.domreg module. When the interpreter is started with certain flags, such as -E or -I, the code should not use environment variables to override module names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.