Vulnerabilities > CVE-2021-39371 - XXE vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/geopython/OWSLib/issues/790
- https://github.com/geopython/OWSLib/issues/790
- https://github.com/geopython/pywps/pull/616
- https://github.com/geopython/pywps/pull/616
- https://lists.debian.org/debian-lts-announce/2021/09/msg00001.html
- https://lists.debian.org/debian-lts-announce/2021/09/msg00001.html