{"id":"PYSEC-2020-75","details":"petl before 1.68, in some configurations, allows resolution of entities in an XML document.","aliases":["CVE-2020-29128","GHSA-69q2-p9xp-739v","GHSA-f5gc-p5m3-v347"],"modified":"2023-11-08T04:03:30.437607Z","published":"2020-11-26T05:15:00Z","references":[{"type":"WEB","url":"https://petl.readthedocs.io/en/stable/changes.html"},{"type":"WEB","url":"https://github.com/petl-developers/petl/pull/527"},{"type":"WEB","url":"https://github.com/petl-developers/petl/compare/v1.6.7...v1.6.8"},{"type":"WEB","url":"https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8"},{"type":"REPORT","url":"https://github.com/petl-developers/petl/issues/526"},{"type":"ADVISORY","url":"https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347"},{"type":"ADVISORY","url":"https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-69q2-p9xp-739v"}],"affected":[{"package":{"name":"petl","ecosystem":"PyPI","purl":"pkg:pypi/petl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.8"}]}],"versions":["0.2","0.3","0.4","0.5","0.6","0.7","0.8","0.9","0.10","0.10.1","0.10.2","0.11","0.11.1","0.12","0.13","0.13.1","0.14","0.15","0.16","0.16.1","0.16.2","0.17","0.17.1","0.18","0.18.1","0.19","0.20","0.21","0.21.2","0.22","0.22.1","0.23","0.24","0.24.1","0.24.2","0.24.3","0.25","0.25.1","0.25.2","0.25.3","0.26","1.0.0-alpha1","1.0.0a2","1.0.0a3","1.0.0b1","1.0.0b2","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.0.10","1.0.11","1.1.0","1.1.1","1.2.0","1.3.0rc3","1.3.0","1.4.0","1.5.0","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/petl/PYSEC-2020-75.yaml"}}],"schema_version":"1.7.3"}