OWSLib · CVE-2021-39371
Name of the Vulnerable Software and Affected Versions:
PyWPS versions prior to 4.5.0
OWSLib version 0.24.1
Description:
An XML external entity (XXE) injection allows an attacker to read files from the application server's filesystem by pointing an external entity at a file path.
Recommendations:
For PyWPS versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue.
For OWSLib version 0.24.1, consider disabling the XML external entity parsing functionality as a temporary workaround until a patch is available.
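
One way to apply the workaround in front of an unpatched library, as an added example (not code from PyWPS or OWSLib): reject any XML document that carries a DOCTYPE before it is handed to the library, using only the Python standard library. The names `check_xml` and `DoctypeForbidden` and both sample documents are constructed for illustration, and the check assumes the WPS documents being processed never legitimately need a DTD.

```python
import xml.parsers.expat
from typing import Tuple


class DoctypeForbidden(ValueError):
    """The document carries a DTD, the only place entities can be declared."""


def check_xml(data: bytes) -> Tuple[bool, str]:
    """Return (True, "ok") if data is well-formed XML with no DOCTYPE."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Stop at the DOCTYPE itself, before any <!ENTITY ...> is processed.
        raise DoctypeForbidden(f"DOCTYPE declaration '{name}' rejected")

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except DoctypeForbidden as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"
    return True, "ok"


# Constructed sample: an ordinary WPS Execute request.
SAFE_REQUEST = b"""<?xml version="1.0"?>
<wps:Execute xmlns:wps="http://www.opengis.net/wps/1.0.0"
             xmlns:ows="http://www.opengis.net/ows/1.1"
             service="WPS" version="1.0.0">
  <ows:Identifier>buffer</ows:Identifier>
</wps:Execute>"""

# Constructed sample: the same request with an external entity declared.
# The system identifier is a placeholder path, not a real file.
XXE_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///placeholder/path">]>
<wps:Execute xmlns:wps="http://www.opengis.net/wps/1.0.0"
             xmlns:ows="http://www.opengis.net/ows/1.1"
             service="WPS" version="1.0.0">
  <ows:Identifier>&xxe;</ows:Identifier>
</wps:Execute>"""

if __name__ == "__main__":
    for label, doc in (("safe", SAFE_REQUEST), ("xxe", XXE_REQUEST)):
        print(label, check_xml(doc))
```

Where the application controls the lxml parser itself, constructing it with `etree.XMLParser(resolve_entities=False)` turns entity resolution off at the parser level.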