PT-2021-22571 · Owslib+2 · Owslib+2

Cheginit

Published

2021-08-23

Updated

2022-06-02

CVE-2021-39371

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: PyWPS versions prior to 4.5.0 OWSLib version 0.24.1

Description: An XML external entity (XXE) injection allows an attacker to view files on the application server filesystem by assigning a path to the entity.

Recommendations: For PyWPS versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. For OWSLib version 0.24.1, consider disabling the XML external entity parsing functionality as a temporary workaround until a patch is available.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611CWE-91

Related Identifiers

CVE-2021-39371

DLA-2754-1

GHSA-P9WF-3XPG-C9G5

PYSEC-2021-121

Affected Products

Debian

Owslib

Pywps

PT-2021-22571 · Owslib+2 · Owslib+2

CVE-2021-39371

Weakness Enumeration

Related Identifiers

Affected Products

References · 20