Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection rtc-tools is a Toolbox for control and optimization of water systems. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to unsafe parsing of `__path_xml`. An attacker could potentially exploit this by providing malicious XML input, leading to unauthorised file access or network requests. How to fix XML External Entity (XXE) Injection? Upgrade `rtc-tools` to version 2.6.1 or higher.	[,2.6.1)
C Deserialization of Untrusted Data rtc-tools is a Toolbox for control and optimization of water systems. Affected versions of this package are vulnerable to Deserialization of Untrusted Data rough cashing in `pickle` module in `csv_lookup_table_mixin.py`. An attacker could potentially execute arbitrary code by exploiting the deserialisation of untrusted data, leading to a full server compromise. How to fix Deserialization of Untrusted Data? Upgrade `rtc-tools` to version 2.6.1 or higher.	[,2.6.1)

XML External Entity (XXE) Injection

rtc-tools is a Toolbox for control and optimization of water systems.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to unsafe parsing of __path_xml. An attacker could potentially exploit this by providing malicious XML input, leading to unauthorised file access or network requests.

How to fix XML External Entity (XXE) Injection?

Upgrade rtc-tools to version 2.6.1 or higher.

[,2.6.1)

Deserialization of Untrusted Data

rtc-tools is a Toolbox for control and optimization of water systems.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data rough cashing in pickle module in csv_lookup_table_mixin.py. An attacker could potentially execute arbitrary code by exploiting the deserialisation of untrusted data, leading to a full server compromise.

How to fix Deserialization of Untrusted Data?

Upgrade rtc-tools to version 2.6.1 or higher.

[,2.6.1)

Go back to all versions of this package