PT-2020-18323 · Python · Feedgen

Lkiesow · Published 2020-01-28 · Updated 2020-02-08 · CVE-2020-5227

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: python feedgen, versions prior to 0.9.0
Description: The feedgen library is susceptible to XML Denial of Service attacks when XML is supplied as content for some fields; that XML is parsed and integrated into the existing XML tree. This becomes a concern if feedgen is used to include content from untrusted sources and the XML is included directly instead of being provided as plain text only.
Recommendations: For versions prior to 0.9.0, update to feedgen 0.9.0, which disallows XML entity expansion and external resources. As a temporary workaround, avoid providing XML directly to feedgen, or ensure that no entity expansion is part of the XML.
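One way to apply the workaround (check untrusted XML for entity expansion before handing it to feedgen), as an added example that is not feedgen's own code: entities can only be declared in a DTD, so any input carrying a DOCTYPE or entity declaration is rejected before any expansion takes place. The function name `check_untrusted_xml` and the sample inputs are constructed for this example; only the Python standard library is used.

```python
"""Gate untrusted XML before it is handed to a feed builder.

Added example, not feedgen's own code. Any DOCTYPE or entity declaration
aborts parsing immediately, so neither internal entity expansion nor an
external DTD/entity fetch can happen when the XML is later spliced into a feed.
"""
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when the XML carries a DTD, the only place entities can be declared."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Fires at the start of <!DOCTYPE ...>, before any subset is processed.
    raise UnsafeXMLError(f"DOCTYPE for <{name}> not allowed (sysid={sysid!r})")


def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    # Fires for every <!ENTITY ...>, before the entity can be referenced.
    raise UnsafeXMLError(f"entity declaration {name!r} not allowed")


def check_untrusted_xml(xml_text: str) -> str:
    """Classify xml_text as 'ok', 'unsafe' (DTD/entity present) or 'malformed'."""
    parser = expat.ParserCreate()
    # Never read external parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    try:
        parser.Parse(xml_text, True)  # exceptions from handlers propagate here
    except UnsafeXMLError:
        return "unsafe"
    except expat.ExpatError:
        return "malformed"
    return "ok"


# Constructed sample inputs (not taken from the advisory).
SAFE_SNIPPET = "<p>Release notes for <b>feedgen 0.9.0</b></p>"
ENTITY_SNIPPET = '<?xml version="1.0"?><!DOCTYPE p [<!ENTITY a "aaaa">]><p>&a;</p>'
NOT_XML = "just some plain text, not markup"

if __name__ == "__main__":
    for label, sample in [("safe", SAFE_SNIPPET), ("entity", ENTITY_SNIPPET), ("text", NOT_XML)]:
        print(label, "->", check_untrusted_xml(sample))
```

Only input classified as "ok" should be passed on as XML; "malformed" input can still be supplied to feedgen as plain text, which is the safe path the advisory recommends.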

Exploit

Fix

XML Entity Expansion


Weakness Enumeration

Related Identifiers

CVE-2020-5227
GHSA-G8Q7-XV52-HF9F
PYSEC-2020-231

Affected Products

Feedgen