
XML External Entity vulnerability in Easy-XML

Critical severity · GitHub Reviewed · Published Nov 1, 2021 to the GitHub Advisory Database · Updated Sep 20, 2024

Package

easy-xml (pip)

Affected versions

<= 0.5.0

Patched versions

None

Description

The parseXML function in Easy-XML 0.5.0 was discovered to have an XML External Entity (XXE) vulnerability that allows an attacker to expose sensitive data or cause a denial of service (DoS) via a crafted external entity supplied in the XML input.
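Because no patched version is listed, one mitigation is to gate untrusted input before it reaches parseXML. The following is an added example, not part of the advisory or of Easy-XML: it uses the standard-library expat parser to refuse any document that declares a DOCTYPE, which is the only place entities can be defined. The names `check_xml`, `is_safe` and `ForbiddenXML` are hypothetical, and the sample documents are constructed.

```python
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Input carries a construct this gate refuses to pass on."""


def check_xml(data):
    """Return data unchanged if it is well-formed and declares no DTD.

    Raises ForbiddenXML otherwise. Only input that passes this check
    should be handed on to Easy-XML's parseXML.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires at "<!DOCTYPE", before any entity declaration is read.
        raise ForbiddenXML(f"DOCTYPE declaration for <{name}> rejected")

    def on_external_ref(context, base, system_id, public_id):
        # Defence in depth: never resolve an external entity.
        raise ForbiddenXML("external entity reference rejected")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise ForbiddenXML(f"not well-formed: {exc}") from exc
    return data


def is_safe(data):
    """Boolean wrapper around check_xml for use in request filters."""
    try:
        check_xml(data)
        return True
    except ForbiddenXML:
        return False


# Constructed sample inputs (placeholder identifiers only).
PLAIN = "<note><to>ops</to></note>"
INTERNAL_DTD = '<!DOCTYPE note [<!ENTITY a "x">]><note>&a;</note>'
EXTERNAL_DTD = ('<!DOCTYPE note [<!ENTITY ext SYSTEM '
                '"http://example.invalid/constructed">]><note>&ext;</note>')
```

Rejecting every DOCTYPE also blocks internal entity expansion, so it covers both the data-exposure and the denial-of-service cases the description names.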

References

Published by the National Vulnerability Database Oct 31, 2021
Reviewed Nov 1, 2021
Published to the GitHub Advisory Database Nov 1, 2021
Last updated Sep 20, 2024

Severity

Critical

EPSS score

0.222%
(61st percentile)

Weaknesses

CVE ID

CVE-2020-26705

GHSA ID

GHSA-v899-28g4-qmh8