Lucene search

K

GoogleOSV:GHSA-CCGM-3XW4-H5P8

HistoryApr 20, 2021 - 4:30 p.m.

Improper Restriction of XML External Entity Reference in pikepdf

2021-04-2016:30:03

Google

osv.dev

14

pikepdf

python

xxe

metadata

parsing

EPSS

0.001

Percentile

47.8%

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

References

github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a

lists.fedoraproject.org/archives/list/[email protected]/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG

lists.fedoraproject.org/archives/list/[email protected]/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ

nvd.nist.gov/vuln/detail/CVE-2021-29421

EPSS

0.001

Percentile

47.8%

Related for OSV:GHSA-CCGM-3XW4-H5P8

openvas5 fedora2 osv2 nvd2 nessus2 mageia1 ubuntucve1 veracode1 github2 cve2 redhatcve1 prion1 cvelist1 alpinelinux1 debiancve1 sonarsource1