High severityNVD Advisory· Published Jun 29, 2023· Updated Nov 27, 2024
CVE-2020-26708
CVE-2020-26708
Description
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
requests-xmlPyPI | <= 0.2.3 | — |
Affected products
2- requests-xml/requests-xmldescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-ccrc-9x59-3vc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26708ghsaADVISORY
- github.com/erinxocon/requests-xml/issues/7ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/requests-xml/PYSEC-2023-96.yamlghsaWEB
- security.netapp.com/advisory/ntap-20230908-0003ghsaWEB
- security.netapp.com/advisory/ntap-20230908-0003/mitre
News mentions
0No linked articles in our index yet.