xml4h@1.0 vulnerabilities

XML for Humans in Python

Direct Vulnerabilities

Known vulnerabilities in the xml4h package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
XML External Entity (XXE) Injection (severity: M)

xml4h is a library providing XML for Humans in Python.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The function 'parse()' does not restrict external entities when parsing XML, so a specially crafted document can define an external entity with a file:// URI and cause local files to be read.

How to fix XML External Entity (XXE) Injection?

There is no fixed version for xml4h.
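With no fixed version available, untrusted XML can be screened before it reaches the parser. The following is an added example, not code from this advisory or from the xml4h project: it uses only the standard-library expat bindings to refuse any document that declares a DOCTYPE or an entity. The names `reject_dtd`, `ForbiddenXMLError` and the sample documents are constructed for illustration, and it assumes the application never needs DTDs in its input.

```python
import xml.parsers.expat


class ForbiddenXMLError(ValueError):
    """Untrusted XML that declares a DTD or entity, or is not well-formed."""


def reject_dtd(data: bytes) -> bytes:
    """Return data unchanged only if it has no DOCTYPE or entity declarations."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXMLError(f"DOCTYPE declaration not allowed ({name!r})")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXMLError(f"entity declaration not allowed ({name!r})")

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXMLError(f"external entity not allowed ({sysid!r})")

    # An external entity can only be defined inside a DTD, so the DOCTYPE
    # handler fires first; the other two handlers are defence in depth.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        # Fail closed: malformed input is not forwarded to the real parser.
        raise ForbiddenXMLError(f"not well-formed: {exc}") from exc
    return data


def is_rejected(data: bytes) -> bool:
    try:
        reject_dtd(data)
    except ForbiddenXMLError:
        return True
    return False


# Constructed sample inputs (the file:// target is a placeholder path).
BENIGN = b"<order><item>1</item></order>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY ext SYSTEM '
                   b'"file:///constructed/placeholder">]><order>&ext;</order>')
INTERNAL_ENTITY = b'<!DOCTYPE order [<!ENTITY a "x">]><order>&a;</order>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                       ("internal", INTERNAL_ENTITY)]:
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

Only bytes returned by `reject_dtd` should be handed on to the XML parser; anything that raises is dropped and logged.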

Vulnerable versions: [0,)