Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-29421 - log back

CVE-2021-29421 edited at 02 Apr 2021 10:08:21

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Xml external entity injection

Description

+	models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XML external entity injection (XXE) when parsing XMP metadata entries.

References

+	https://portswigger.net/web-security/xxe
+	https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a

Notes

CVE-2021-29421 created at 02 Apr 2021 10:05:23