logo

Database

XML injection (XXE) In requests-xml

Description

requests-xml XML External Entity Injection vulnerability requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2020-267082. NVD-2020-267083. OSV-2020-267084. GCVE-2020-26708

References

1. https://github.com/erinxocon/requests-xml/issues/72. https://github.com/pypa/advisory-database/tree/main/vulns/requests-xml/PYSEC-2023-96.yaml3. https://security.netapp.com/advisory/ntap-20230908-0003

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.