An XML External Entity (XXE) issue exists in Python up to and including 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python python |
||
debian debian linux 10.0 |