owslib@0.8.9 vulnerabilities

OGC Web Service utility library

  • latest version

    0.32.0

  • latest non vulnerable version

  • first published

    18 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the owslib package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    XML External Entity (XXE) Injection

    OWSLib is an OGC Web Service utility library

    Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the usage of entity resolution via the XML parser. Exploiting this vulnerability might result in arbitrary file read from an attacker-controlled XML payload

    How to fix XML External Entity (XXE) Injection?

    Upgrade OWSLib to version 0.28.1 or higher.

    [,0.28.1)