{"id":"PYSEC-2016-21","details":"python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.","aliases":["CVE-2016-5851","GHSA-34wj-p5jm-2p96"],"modified":"2023-11-08T03:58:32.000630Z","published":"2016-12-21T22:59:00Z","references":[{"type":"WEB","url":"https://github.com/python-openxml/python-docx/blob/v0.8.6/HISTORY.rst"},{"type":"WEB","url":"http://www.securityfocus.com/bid/91485"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/06/28/8"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/06/28/7"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-34wj-p5jm-2p96"}],"affected":[{"package":{"name":"python-docx","ecosystem":"PyPI","purl":"pkg:pypi/python-docx"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.6"}]}],"versions":["0.3.0a1","0.3.0a2","0.3.0a3","0.3.0a4","0.3.0a5","0.3.0dev1","0.4.0","0.5.0","0.5.1","0.5.2","0.5.3","0.6.0","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/python-docx/PYSEC-2016-21.yaml"}}],"schema_version":"1.7.3"}