{"id":"PYSEC-2020-111","details":"The svglib package for Python, through version 0.9.3, allows XML External Entity (XXE) attacks via an svg2rlg call; the issue is fixed in 0.9.4.","aliases":["CVE-2020-10799","GHSA-3vcg-8p79-jpcv"],"modified":"2023-11-08T04:02:01.152612Z","published":"2020-03-20T23:15:00Z","references":[{"type":"REPORT","url":"https://github.com/deeplook/svglib/issues/229"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-3vcg-8p79-jpcv"}],"affected":[{"package":{"name":"svglib","ecosystem":"PyPI","purl":"pkg:pypi/svglib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.4"}]}],"versions":["0.6.0","0.6.1","0.6.2","0.6.3","0.8.0","0.8.1","0.9.0b0","0.9.0","0.9.1","0.9.2","0.9.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/svglib/PYSEC-2020-111.yaml"}}],"schema_version":"1.7.3"}