VYPR

PyPI package

xml2rfc

pkg:pypi/xml2rfc

Vulnerabilities (2)

  • CVE-2025-11059higSep 10, 2025
    affected < 3.30.2fixed 3.30.2

    ### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. ### Workarounds Test untrusted input with `link` elements with `rel="attachment"` before process

  • CVE-2025-11058higAug 26, 2025
    affected < 3.30.1fixed 3.30.1

    ### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. ### Workarounds Test untrusted input with `link` elements with `rel="attachment"` before processing. ### Cre