AVG-1761 log

Package python-pikepdf
Status Fixed
Severity Medium
Type xml external entity injection
Affected 2.9.2-1
Fixed 2.10.0-1
Current 4.1.0-1 [community]
Ticket None
Created Fri Apr 2 10:05:23 2021
Issue Severity Remote Type Description
CVE-2021-29421 Medium Yes Xml external entity injection
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XML external entity injection (XXE) when parsing XMP metadata entries.