EPSS
Percentile
76.4%
pywps is vulnerable to XML External Entity (XXE) Injection. An attacker is able to view files on the application server filesystem as the lxml default parser allows assigning a path to the entity.
github.com/geopython/OWSLib/issues/790
github.com/geopython/pywps/commit/7d6b26a2e931df2feca0b7fb24f4d01610825aee
github.com/geopython/pywps/pull/616
lists.debian.org/debian-lts-announce/2021/09/msg00001.html