py39-OWSLib -- arbitrary file read vulnerability
Jorge Rosillo reports:
OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution for `lxml`, and could lead to arbitrary file reads from an attacker-controlled XML payload.
This affects all XML parsing in the codebase.
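The difference the report describes, shown with `lxml` directly. This is an added example, not OWSLib's code or its fix; the function names, the marker string and the temporary file are constructed for illustration.

```python
import pathlib
import tempfile

from lxml import etree

MARKER = "constructed-local-secret"  # constructed sample file content


def build_payload(target: pathlib.Path) -> bytes:
    """Constructed XML whose external entity points at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE r [<!ENTITY ext SYSTEM "{target.as_uri()}">]>\n'
        "<r>&ext;</r>"
    ).encode()


def parse_permissive(xml: bytes) -> bytes:
    # Entity resolution left on: the condition the advisory describes.
    parser = etree.XMLParser(resolve_entities=True)
    return etree.tostring(etree.fromstring(xml, parser))


def parse_hardened(xml: bytes) -> bytes:
    # Entity references stay as unexpanded nodes; no DTD load, no network.
    parser = etree.XMLParser(
        resolve_entities=False, no_network=True, load_dtd=False
    )
    return etree.tostring(etree.fromstring(xml, parser))


def demo() -> dict:
    # Writes a throwaway file, then parses the same payload both ways.
    with tempfile.TemporaryDirectory() as tmp:
        target = pathlib.Path(tmp) / "sample.txt"
        target.write_text(MARKER)
        payload = build_payload(target)
        return {
            "permissive": parse_permissive(payload),
            "hardened": parse_hardened(payload),
        }


if __name__ == "__main__":
    for name, output in demo().items():
        print(name, output)
```

A code base that accepts untrusted XML should route every `fromstring`/`parse` call through one hardened parser object, since the report notes the issue affects all XML parsing rather than a single entry point.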
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright