Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XML External Entity (XXE) Injection in OWSLib
Vulnerability Description
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
OWSLib 代码问题漏洞
Vulnerability Description
OWSLib是一个 Python 包,用于使用开放地理空间联盟 (OGC) Web 服务(因此称为 OWS)接口标准及其相关内容模型进行客户端编程。 OWSLib 0.28.1之前版本存在代码问题漏洞,该漏洞源于XML解析器不会禁用实体解析,并且可能导致从攻击者控制的XML有效载荷中读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A