models/metadata.py in the pikepdf package 1.3.0 up to and including 2.9.2 for Python allows XXE when parsing XMP metadata entries.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pikepdf project pikepdf |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |