{"id":"PYSEC-2023-97","details":"easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.","aliases":["CVE-2020-26710","GHSA-vv6q-6hwp-vrgp"],"modified":"2023-11-08T04:03:19.973381Z","published":"2023-06-29T21:15:00Z","references":[{"type":"REPORT","url":"https://github.com/uncmath25/easy-parse/issues/3"}],"affected":[{"package":{"name":"easy-parse","ecosystem":"PyPI","purl":"pkg:pypi/easy-parse"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.1.0","0.1.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/easy-parse/PYSEC-2023-97.yaml"}}],"schema_version":"1.7.3"}