{"id":"GHSA-vv6q-6hwp-vrgp","summary":"easy-parse XML External Entity Injection vulnerability","details":"easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.","aliases":["CVE-2020-26710","PYSEC-2023-97"],"modified":"2024-02-16T08:17:32.199159Z","published":"2023-06-29T21:30:29Z","database_specific":{"nvd_published_at":"2023-06-29T21:15:09Z","cwe_ids":["CWE-611"],"severity":"HIGH","github_reviewed":true,"github_reviewed_at":"2023-06-30T20:36:45Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26710"},{"type":"WEB","url":"https://github.com/uncmath25/easy-parse/issues/3"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/easy-parse/PYSEC-2023-97.yaml"},{"type":"PACKAGE","url":"https://github.com/uncmath25/easy-parse"}],"affected":[{"package":{"name":"easy-parse","ecosystem":"PyPI","purl":"pkg:pypi/easy-parse"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.1.1"}]}],"versions":["0.1.0","0.1.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-vv6q-6hwp-vrgp/GHSA-vv6q-6hwp-vrgp.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}