XML External Entity Injection in PyWPS
High severity
GitHub Reviewed
Published
Sep 2, 2021
to the GitHub Advisory Database
•
Updated Apr 14, 2023
Description
Published by the National Vulnerability Database
Aug 23, 2021
Reviewed
Aug 25, 2021
Published to the GitHub Advisory Database
Sep 2, 2021
Last updated
Apr 14, 2023
An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
References