CVE-2021-29421 - log back

CVE-2021-29421 edited at 02 Apr 2021 10:08:21
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Xml external entity injection
Description
+ models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XML external entity injection (XXE) when parsing XMP metadata entries.
References
+ https://portswigger.net/web-security/xxe
+ https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a
Notes
CVE-2021-29421 created at 02 Apr 2021 10:05:23