CVE-2021-39371 – pywps

Package

Manager: pip
Name: pywps
Vulnerable Version: >=0 <4.5.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00446 pctl0.62582

Details

XML External Entity Injection in PyWPS An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.

Metadata

Created: 2021-09-02T17:11:13Z
Modified: 2024-10-24T21:53:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-p9wf-3xpg-c9g5/GHSA-p9wf-3xpg-c9g5.json
CWE IDs: ["CWE-611", "CWE-91"]
Alternative ID: GHSA-p9wf-3xpg-c9g5
Finding: F083
Auto approve: 1