An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
References
| Link | Resource |
|---|---|
| https://github.com/geopython/OWSLib/issues/790 | Issue Tracking, Patch, Third Party Advisory |
| https://github.com/geopython/pywps/pull/616 | Patch, Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2021/09/msg00001.html | Mailing List, Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-23T00:03:20
Updated: 2021-09-10T13:16:35
Reserved: 2021-08-22T00:00:00
Link: CVE-2021-39371
NVD Information
Status: Analyzed
Published: 2021-08-23T01:15:06.373
Modified: 2022-06-02T14:48:58.207
Link: CVE-2021-39371
CWE