CVE-2016-5851

Name of the Vulnerable Software and Affected Versions python-docx versions prior to 0.8.6

Description The issue allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. This can be exploited by providing a specially crafted document to the python-docx software.

Recommendations For versions prior to 0.8.6, update to version 0.8.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted documents until a patch is applied. Avoid using the python-docx software with untrusted documents until the issue is resolved.