High severityNVD Advisory· Published Nov 26, 2020· Updated Aug 4, 2024
CVE-2020-29128
CVE-2020-29128
Description
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
petlPyPI | < 1.6.8 | 1.6.8 |
Affected products
2- petl/petldescription
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-f5gc-p5m3-v347ghsaADVISORY
- github.com/nvn1729/advisories/blob/master/cve-2020-29128.mdghsax_refsource_MISCWEB
- github.com/petl-developers/petl/commit/07420ef8463cc387aea84e2d6241cf556574e2a5ghsaWEB
- github.com/petl-developers/petl/compare/v1.6.7...v1.6.8ghsax_refsource_MISCWEB
- github.com/petl-developers/petl/issues/526ghsax_refsource_MISCWEB
- github.com/petl-developers/petl/pull/527ghsax_refsource_MISCWEB
- github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8mitrex_refsource_MISC
- github.com/petl-developers/petl/releases/tag/v1.6.8ghsaWEB
- github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/petl/PYSEC-2020-75.yamlghsaWEB
- owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_ProcessingghsaWEB
- petl.readthedocs.io/en/stable/changes.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.