High severityNVD Advisory· Published Aug 23, 2021· Updated Aug 4, 2024
CVE-2021-39371
CVE-2021-39371
Description
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pywpsPyPI | < 4.5.0 | 4.5.0 |
Affected products
2- PyWPS/PyWPSdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-p9wf-3xpg-c9g5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-39371ghsaADVISORY
- github.com/geopython/OWSLib/issues/790ghsax_refsource_MISCWEB
- github.com/geopython/pywps/commit/7d6b26a2e931df2feca0b7fb24f4d01610825aeeghsaWEB
- github.com/geopython/pywps/pull/616ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/pywps/PYSEC-2021-121.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2021/09/msg00001.htmlghsamailing-listx_refsource_MLISTWEB
News mentions
0No linked articles in our index yet.