FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e5d117b3-2153-4129-81ed-42b0221afa78	py39-OWSLib -- arbitrary file read vulnerability Jorge Rosillo reports: OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution for `lxml`, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. Discovery 2023-03-07 Entry 2023-04-09 py39-OWSLib < 0.28.1 CVE-2023-27476 https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc

VuXML ID

Description

e5d117b3-2153-4129-81ed-42b0221afa78

py39-OWSLib -- arbitrary file read vulnerability

Jorge Rosillo reports:

OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution for `lxml`, and could lead to arbitrary file reads from an attacker-controlled XML payload.

This affects all XML parsing in the codebase.

Discovery 2023-03-07
Entry 2023-04-09
py39-OWSLib

< 0.28.1

CVE-2023-27476
https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc