Owslib · Owslib · CVE-2023-27476
**Name of the Vulnerable Software and Affected Versions**
OWSLib versions prior to 0.28.1
**Description**
The XML parser in OWSLib does not disable entity resolution, so an attacker-controlled XML payload can be used to read arbitrary files from the host that parses it. The issue affects all XML parsing in the codebase. No estimate of the number of potentially affected devices is given.
**Recommendations**
For versions prior to 0.28.1, upgrade to version 0.28.1 to resolve the issue.
As a temporary workaround, consider patching the library manually by setting `resolve_entities=False` on `lxml`'s `XMLParser`, or by applying the provided patch that disables entity resolution for `xml.etree`.
Restrict access to the XML parsing functionality to minimize the risk of exploitation until the issue is resolved.
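The following is an added example, not OWSLib's code or its patch, showing what the two workarounds above look like in practice: a stdlib-only pre-check that refuses any payload carrying a DOCTYPE or entity declaration before `xml.etree` sees it, plus the `lxml` parser configured with `resolve_entities=False` (along with `load_dtd=False` and `no_network=True`, which go beyond the single setting named in the advisory). The function names `check_no_entities`, `safe_fromstring`, `is_safe_xml` and `lxml_fromstring_no_entities`, and the sample XML documents, are all constructed for this example.

```python
"""Added example (not OWSLib's code): parse untrusted XML without resolving
entities, in the spirit of the workaround described in the CVE advisory.

Two layers are shown:
  1. check_no_entities(): a throwaway expat pass that aborts on the first
     DOCTYPE or entity declaration, so a SYSTEM entity can never be expanded.
  2. lxml_fromstring_no_entities(): the lxml parser with resolve_entities
     disabled (plus no DTD loading and no network), if lxml is installed.
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat

try:
    from lxml import etree as lxml_etree
except ImportError:  # lxml is optional for this example
    lxml_etree = None


class UnsafeXML(ValueError):
    """Raised for payloads that declare a DOCTYPE or entities, or are malformed."""


def _reject_doctype(doctype_name, sysid, pubid, has_internal_subset):
    # Any DOCTYPE is refused: that is where entity declarations live.
    raise UnsafeXML(f"DOCTYPE declaration not allowed: {doctype_name!r}")


def _reject_entity(entity_name, *_rest):
    # Covers both general and unparsed entity declarations.
    raise UnsafeXML(f"entity declaration not allowed: {entity_name!r}")


def check_no_entities(data: bytes) -> None:
    """Scan ``data`` with expat and raise UnsafeXML on any DOCTYPE/entity.

    Exceptions raised inside expat callbacks propagate out of Parse(), so the
    scan stops at the first offending declaration. The external entity
    reference handler returns 0, which tells expat to refuse resolution, so
    nothing is ever read from disk or the network during the scan.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    parser.UnparsedEntityDeclHandler = _reject_entity
    parser.ExternalEntityRefHandler = lambda *_args: 0  # 0 = do not resolve
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc


def safe_fromstring(data: bytes) -> ET.Element:
    """Parse with xml.etree only after the payload passed check_no_entities()."""
    check_no_entities(data)
    return ET.fromstring(data)


def is_safe_xml(data: bytes) -> bool:
    """Boolean wrapper around check_no_entities() for policy checks and tests."""
    try:
        check_no_entities(data)
    except UnsafeXML:
        return False
    return True


def lxml_fromstring_no_entities(data: bytes):
    """lxml variant of the advisory's workaround (requires lxml)."""
    if lxml_etree is None:
        raise RuntimeError("lxml is not installed")
    parser = lxml_etree.XMLParser(
        resolve_entities=False,  # the setting named in the advisory
        load_dtd=False,          # never fetch an external DTD
        no_network=True,         # never follow network references
    )
    return lxml_etree.fromstring(data, parser)


# Constructed sample payloads (not taken from any real service response).
BENIGN_XML = (
    b'<?xml version="1.0"?>'
    b'<Capabilities version="1.3.0"><Service><Title>demo</Title></Service>'
    b"</Capabilities>"
)
# Classic external-entity pattern with a placeholder path instead of a real file.
XXE_XML = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///placeholder/secret.txt">]>\n'
    b"<r>&xxe;</r>"
)
# Internal entity only: no file read, but still rejected (entity expansion DoS).
INTERNAL_ENTITY_XML = b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'

if __name__ == "__main__":
    print("benign root:", safe_fromstring(BENIGN_XML).tag)
    for label, payload in (("xxe", XXE_XML), ("internal", INTERNAL_ENTITY_XML)):
        print(label, "accepted" if is_safe_xml(payload) else "rejected")
```

Rejecting every DOCTYPE is stricter than `resolve_entities=False` alone, but it is the safer default for service responses that an application never expects to carry a DTD: it also removes internal-entity expansion (the "billion laughs" denial of service) at the same time. If a legitimate upstream document must carry a DOCTYPE, keep the entity handlers and drop only `StartDoctypeDeclHandler`.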