CVE-2023-27476HIGHCVSS 8.2fixed in owslib 0.27.2-3 (bookworm)2023
CVE-2023-27476 [HIGH] CVE-2023-27476: owslib - OWSLib is a Python package for client programming with Open Geospatial Consortiu...
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in t
debian