{"id":"PYSEC-2021-388","details":"The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.","aliases":["CVE-2020-26705","GHSA-v899-28g4-qmh8"],"modified":"2025-10-09T07:55:32.484681Z","published":"2021-10-31T20:15:00Z","references":[{"type":"REPORT","url":"https://github.com/darkfoxprime/python-easy_xml/issues/1"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-v899-28g4-qmh8"}],"affected":[{"package":{"name":"easy-xml","ecosystem":"PyPI","purl":"pkg:pypi/easy-xml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.5.0","0.6.0","0.6.1","0.7.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/easy-xml/PYSEC-2021-388.yaml"}}],"schema_version":"1.7.3"}