—
PYSEC-2026-1993
unstructured XML External Entity (XXE)
Details
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / unstructured
Introduced in:
0 Fixed in: 0.14.3 Fix
pip install --upgrade 'unstructured>=0.14.3' References
- https://nvd.nist.gov/vuln/detail/CVE-2024-46455 [ADVISORY]
- https://github.com/Unstructured-IO/unstructured/pull/3088 [WEB]
- https://github.com/Unstructured-IO/unstructured/commit/171b5df09fc3346aba8ce91c04de5b3e094a86bd [WEB]
- https://binarysouljour.me/cve-2024-46455 [WEB]
- https://github.com/Unstructured-IO/unstructured [PACKAGE]
- https://www.tenable.com/cve/CVE-2024-46455 [WEB]
- https://pypi.org/project/unstructured [PACKAGE]
- https://github.com/advisories/GHSA-32r8-54hf-c9p3 [ADVISORY]