CVE-2023-27476HIGHCVSS 7.5fixed in 0.28.12023-03-08
CVE-2023-27476 [HIGH] CWE-611 CVE-2023-27476: OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all X
nvd