Showing 1 - 1 of 1

CVE-2023-27476

Status Candidate

Overview

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.

Related Files

Debian Security Advisory 5426-1: Posted Jun 14, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5426-1 - An arbitrary file reads from malformed XML payload vulnerability was discovered in owslib, the Python client library for Open Geospatial (OGC) web services. This issue has been addressed by always using lxml as the XML parser with entity resolution disabled.; tags | advisory, web, arbitrary, python; systems | linux, debian; advisories | CVE-2023-27476; SHA-256 | 37c20253f7881119a39c68de0bba619b7c6321b3d74efdbadda4472e2f508d6f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 389 files
Ubuntu 92 files
Debian 30 files
BugsBD Limited 21 files
Rahad Chowdhury 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 5 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,850)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,624)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,137)
UNIX (9,340)
UnixWare (187)
Windows (6,606)
Other

CVE-2023-27476

Overview

Related Files

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems