An XML external entity (XXE) injection in PyWPS prior to 4.4.5 allows a malicious user to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
Vulnerable Product |
---|
osgeo owslib 0.24.1 |
osgeo pywps |
debian debian linux 9.0 |
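A service that accepts XML requests can refuse documents that declare a DTD or any entity before handing them to its real parser. The following is an added example, not PyWPS or OWSLib code and not the project's fix; it uses only the standard-library expat bindings, the names `check_request_xml`, `screen` and `ForbiddenXML` are hypothetical, and the sample documents (including the placeholder path) are constructed.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The document uses a construct this service refuses to parse."""


def check_request_xml(data: bytes, forbid_dtd: bool = True) -> None:
    """Raise ForbiddenXML on any DOCTYPE (default) or entity declaration."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if forbid_dtd:
            raise ForbiddenXML("DOCTYPE declaration")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # External entities carry a system identifier and no literal value.
        kind = "external" if sysid is not None else "internal"
        raise ForbiddenXML(f"{kind} entity declaration")

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML("external entity reference")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)  # malformed input raises expat.ExpatError


def screen(data: bytes, forbid_dtd: bool = True):
    """Return None if the request may be parsed, else the rejection reason."""
    try:
        check_request_xml(data, forbid_dtd)
    except ForbiddenXML as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError:
        return "malformed XML"
    return None


# Constructed sample requests (not taken from the advisory).
BENIGN = (b'<?xml version="1.0"?><wps:GetCapabilities '
          b'xmlns:wps="http://www.opengis.net/wps/1.0.0" service="WPS"/>')
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e SYSTEM '
            b'"file:///PLACEHOLDER/PATH">]><r>&e;</r>')
INTERNAL = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL), ("internal", INTERNAL)]:
        print(label, "->", screen(doc) or "accepted")
```

Rejecting at the DOCTYPE is the stricter default; passing `forbid_dtd=False` tolerates a bare DOCTYPE but still stops at the first entity declaration.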