Lucene search
GoogleOSV:CVE-2021-29421HistoryApr 01, 2021 - 8:15 p.m.
CVE-2021-29421
2021-04-0120:15:12
Google
osv.dev
5
pikepdf
xxe
parsing
xmp
metadata
security vulnerability
EPSS
0.001
Percentile
47.8%
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
References
github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100
github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ/
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0268)
2022-01-28 00:00:00
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-d97bc581be)
2021-04-10 00:00:00
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-4bf9909a76)
2021-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: python-pikepdf-1.19.4-2.fc32
2021-04-09 15:41:16
[SECURITY] Fedora 33 Update: python-pikepdf-1.19.4-2.fc33
2021-04-09 15:17:19
nvd
nvd
CVE-2021-29421
2021-04-01 20:15:12
CVE-2021-46849
2022-10-24 14:15:50
nessus
nessus
Fedora 32 : python-pikepdf (2021-d97bc581be)
2021-04-19 00:00:00
Fedora 33 : python-pikepdf (2021-4bf9909a76)
2021-04-19 00:00:00
mageia
mageia
Updated python-pikepdf packages fix security vulnerability
2021-06-18 22:24:28
ubuntucve
ubuntucve
CVE-2021-29421
2021-04-01 00:00:00
osv
osv
PYSEC-2021-34
2021-04-01 20:15:00
Improper Restriction of XML External Entity Reference in pikepdf
2021-04-20 16:30:03
veracode
veracode
XML External Entity (XXE)
2021-04-05 05:26:45
github
github
Improper Restriction of XML External Entity Reference in pikepdf
2021-04-20 16:30:03
cve
cve
CVE-2021-29421
2021-04-01 20:15:12
CVE-2021-46849
2022-10-24 14:15:50
redhatcve
redhatcve
CVE-2021-29421
2021-04-06 17:47:48
prion
prion
Code injection
2021-04-01 20:15:00
cvelist
cvelist
CVE-2021-29421
2021-04-01 00:00:00
alpinelinux
alpinelinux
CVE-2021-29421
2021-04-01 20:15:12
debiancve
debiancve
CVE-2021-29421
2021-04-01 20:15:12
sonarsource
sonarsource