{"id":"PYSEC-2021-121","details":"An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.","aliases":["CVE-2021-39371","GHSA-p9wf-3xpg-c9g5"],"modified":"2023-11-08T04:06:35.706904Z","published":"2021-08-23T01:15:00Z","references":[{"type":"WEB","url":"https://github.com/geopython/pywps/pull/616"},{"type":"REPORT","url":"https://github.com/geopython/OWSLib/issues/790"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p9wf-3xpg-c9g5"}],"affected":[{"package":{"name":"pywps","ecosystem":"PyPI","purl":"pkg:pypi/pywps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.0"}]}],"versions":["3.2.3","3.2.4","3.2.5","3.2.6","4.0.0","4.2.0","4.2.1","4.2.10","4.2.11","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.4.0","4.4.1","4.4.2","4.4.3","4.4.4","4.4.5","trunk"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pywps/PYSEC-2021-121.yaml"}}],"schema_version":"1.7.3"}